Windows Analysis Report
FACTURA-002297.exe

Overview

General Information

Sample name: FACTURA-002297.exe
Analysis ID: 1524995
MD5: e0cdd543f142a8cb51c02d2229f9602d
SHA1: fe357f74ea47ba6319fe68240131f19c9ae2664d
SHA256: 1602325d55a3537877b0a08c80dfd34f69a12b08d10af3b5aec5479fac779283
Infos:

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • FACTURA-002297.exe (PID: 7388 cmdline: "C:\Users\user\Desktop\FACTURA-002297.exe" MD5: E0CDD543F142A8CB51C02D2229F9602D)
    • FACTURA-002297.exe (PID: 6464 cmdline: "C:\Users\user\Desktop\FACTURA-002297.exe" MD5: E0CDD543F142A8CB51C02D2229F9602D)
      • RAVCpl64.exe (PID: 6084 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)
        • SecEdit.exe (PID: 488 cmdline: "C:\Windows\SysWOW64\SecEdit.exe" MD5: BFC13856291E4B804D33BBAEFC8CB3B5)
          • explorer.exe (PID: 4960 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.14765009374.0000000002A10000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.14765009374.0000000002A10000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown | 0x2bf40:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55; 0x1400f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000001.00000002.13227651588.0000000032B50000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000001.00000002.13227651588.0000000032B50000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown | 0x2bf40:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55; 0x1400f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.14765099123.0000000002A60000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-03T15:21:53.249574+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.11.30 | 49804 | 142.251.32.110 | 443 | TCP

        AV Detection

        Source: FACTURA-002297.exe | Avira: detected
        Source: FACTURA-002297.exe | ReversingLabs: Detection: 13%
        Source: Yara match | File source: 00000003.00000002.14765009374.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000001.00000002.13227651588.0000000032B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000003.00000002.14765099123.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: FACTURA-002297.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknown | HTTPS traffic detected: 142.251.32.110:443 -> 192.168.11.30:49804 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 142.250.81.225:443 -> 192.168.11.30:49805 version: TLS 1.2
        Source: FACTURA-002297.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: SecEdit.pdb source: FACTURA-002297.exe, 00000001.00000002.13215535110.0000000002B5D000.00000004.00000020.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000003.13179961081.0000000002BA1000.00000004.00000020.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000003.13180075651.0000000002B5D000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: FACTURA-002297.exe, 00000001.00000001.12705991401.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: Binary string: SecEdit.pdbGCTL source: FACTURA-002297.exe, 00000001.00000002.13215535110.0000000002B5D000.00000004.00000020.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000003.13179961081.0000000002BA1000.00000004.00000020.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000003.13180075651.0000000002B5D000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdbUGP source: FACTURA-002297.exe, 00000001.00000003.13122847892.0000000032A96000.00000004.00000020.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000003.13126720874.0000000032C4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000003.00000003.13211211466.00000000029A8000.00000004.00000020.00020000.00000000.sdmp, SecEdit.exe, 00000003.00000003.13214921112.0000000002B56000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: FACTURA-002297.exe, FACTURA-002297.exe, 00000001.00000003.13122847892.0000000032A96000.00000004.00000020.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000003.13126720874.0000000032C4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, SecEdit.exe, 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000003.00000003.13211211466.00000000029A8000.00000004.00000020.00020000.00000000.sdmp, SecEdit.exe, 00000003.00000003.13214921112.0000000002B56000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: FACTURA-002297.exe, 00000001.00000001.12705991401.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: C:\Users\user\Desktop\FACTURA-002297.exe | Code function: 0_2_004066F3 FindFirstFileW,FindClose | 0_2_004066F3
        Source: C:\Users\user\Desktop\FACTURA-002297.exe | Code function: 0_2_00405ABE CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose | 0_2_00405ABE
        Source: C:\Users\user\Desktop\FACTURA-002297.exe | Code function: 0_2_00402862 FindFirstFileW | 0_2_00402862
        Source: C:\Users\user\Desktop\FACTURA-002297.exe | Code function: 4x nop then mov ebx, 00000004h | 1_2_32B204DE
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 4x nop then mov ebx, 00000004h | 2_2_03E0B2C9
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4x nop then mov ebx, 00000004h | 3_2_02B604DE
        Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.30:49804 -> 142.251.32.110:443
        Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=1OdgW5jXNxO1G0UZ5n_rUYTHivp-qXwoP HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Host: drive.google.com | Cache-Control: no-cache
        Source: global traffic | HTTP traffic detected: GET /download?id=1OdgW5jXNxO1G0UZ5n_rUYTHivp-qXwoP&export=download HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive
        Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global traffic | DNS traffic detected: DNS query: drive.google.com
        Source: global traffic | DNS traffic detected: DNS query: drive.usercontent.google.com
        Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
        Source: unknown HTTPS traffic detected: 142.251.32.110:443 -> 192.168.11.30:49804 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 142.250.81.225:443 -> 192.168.11.30:49805 version: TLS 1.2
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 0_2_00405553 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405553

        E-Banking Fraud

        Source: Yara match File source: 00000003.00000002.14765009374.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000001.00000002.13227651588.0000000032B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.14765099123.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000003.00000002.14765009374.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000001.00000002.13227651588.0000000032B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.14765099123.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E734E0 NtCreateMutant,LdrInitializeThunk,1_2_32E734E0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72BC0 NtQueryInformationToken,LdrInitializeThunk,1_2_32E72BC0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72B90 NtFreeVirtualMemory,LdrInitializeThunk,1_2_32E72B90
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72EB0 NtProtectVirtualMemory,LdrInitializeThunk,1_2_32E72EB0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72D10 NtQuerySystemInformation,LdrInitializeThunk,1_2_32E72D10
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E74260 NtSetContextThread,1_2_32E74260
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E74570 NtSuspendThread,1_2_32E74570
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72AC0 NtEnumerateValueKey,1_2_32E72AC0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72AA0 NtQueryInformationFile,1_2_32E72AA0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72A80 NtClose,1_2_32E72A80
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72A10 NtWriteFile,1_2_32E72A10
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72BE0 NtQueryVirtualMemory,1_2_32E72BE0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72B80 NtCreateKey,1_2_32E72B80
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72B20 NtQueryInformationProcess,1_2_32E72B20
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72B00 NtQueryValueKey,1_2_32E72B00
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72B10 NtAllocateVirtualMemory,1_2_32E72B10
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E738D0 NtGetContextThread,1_2_32E738D0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E729F0 NtReadFile,1_2_32E729F0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E729D0 NtWaitForSingleObject,1_2_32E729D0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72EC0 NtQuerySection,1_2_32E72EC0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72ED0 NtResumeThread,1_2_32E72ED0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72E80 NtCreateProcessEx,1_2_32E72E80
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72E50 NtCreateSection,1_2_32E72E50
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72E00 NtQueueApcThread,1_2_32E72E00
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72FB0 NtSetValueKey,1_2_32E72FB0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72F30 NtOpenDirectoryObject,1_2_32E72F30
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72F00 NtCreateFile,1_2_32E72F00
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72CF0 NtDelayExecution,1_2_32E72CF0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72CD0 NtEnumerateKey,1_2_32E72CD0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E73C90 NtOpenThread,1_2_32E73C90
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72C50 NtUnmapViewOfSection,1_2_32E72C50
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72C20 NtSetInformationFile,1_2_32E72C20
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E73C30 NtOpenProcessToken,1_2_32E73C30
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72C30 NtMapViewOfSection,1_2_32E72C30
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72C10 NtOpenProcess,1_2_32E72C10
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72DC0 NtAdjustPrivilegesToken,1_2_32E72DC0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72DA0 NtReadVirtualMemory,1_2_32E72DA0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72D50 NtWriteVirtualMemory,1_2_32E72D50
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32B2F40C NtQueueApcThread,1_2_32B2F40C
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_03E0EBD0 SleepEx,NtCreateSection,2_2_03E0EBD0
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_03E0EDD3 SleepEx,NtResumeThread,2_2_03E0EDD3
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D734E0 NtCreateMutant,LdrInitializeThunk,3_2_02D734E0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72A80 NtClose,LdrInitializeThunk,3_2_02D72A80
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72BC0 NtQueryInformationToken,LdrInitializeThunk,3_2_02D72BC0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72B90 NtFreeVirtualMemory,LdrInitializeThunk,3_2_02D72B90
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72B80 NtCreateKey,LdrInitializeThunk,3_2_02D72B80
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72B10 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_02D72B10
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72B00 NtQueryValueKey,LdrInitializeThunk,3_2_02D72B00
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D729F0 NtReadFile,LdrInitializeThunk,3_2_02D729F0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72E50 NtCreateSection,LdrInitializeThunk,3_2_02D72E50
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72F00 NtCreateFile,LdrInitializeThunk,3_2_02D72F00
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72CF0 NtDelayExecution,LdrInitializeThunk,3_2_02D72CF0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72C30 NtMapViewOfSection,LdrInitializeThunk,3_2_02D72C30
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72D10 NtQuerySystemInformation,LdrInitializeThunk,3_2_02D72D10
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D74260 NtSetContextThread,3_2_02D74260
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D74570 NtSuspendThread,3_2_02D74570
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72AC0 NtEnumerateValueKey,3_2_02D72AC0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72AA0 NtQueryInformationFile,3_2_02D72AA0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72A10 NtWriteFile,3_2_02D72A10
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72BE0 NtQueryVirtualMemory,3_2_02D72BE0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72B20 NtQueryInformationProcess,3_2_02D72B20
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D738D0 NtGetContextThread,3_2_02D738D0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D729D0 NtWaitForSingleObject,3_2_02D729D0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72ED0 NtResumeThread,3_2_02D72ED0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72EC0 NtQuerySection,3_2_02D72EC0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72E80 NtCreateProcessEx,3_2_02D72E80
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72EB0 NtProtectVirtualMemory,3_2_02D72EB0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72E00 NtQueueApcThread,3_2_02D72E00
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72FB0 NtSetValueKey,3_2_02D72FB0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72F30 NtOpenDirectoryObject,3_2_02D72F30
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72CD0 NtEnumerateKey,3_2_02D72CD0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D73C90 NtOpenThread,3_2_02D73C90
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72C50 NtUnmapViewOfSection,3_2_02D72C50
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72C10 NtOpenProcess,3_2_02D72C10
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D73C30 NtOpenProcessToken,3_2_02D73C30
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72C20 NtSetInformationFile,3_2_02D72C20
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72DC0 NtAdjustPrivilegesToken,3_2_02D72DC0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72DA0 NtReadVirtualMemory,3_2_02D72DA0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D72D50 NtWriteVirtualMemory,3_2_02D72D50
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02B6EEBA NtQueryInformationProcess,3_2_02B6EEBA
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02B73A48 NtResumeThread,3_2_02B73A48
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02B73728 NtSuspendThread,3_2_02B73728
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02B73408 NtSetContextThread,3_2_02B73408
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02B73D68 NtQueueApcThread,3_2_02B73D68
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 0_2_00403489 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403489
        Source: C:\Users\user\Desktop\FACTURA-002297.exe File created: C:\Windows\resources\0409
        Source: C:\Users\user\Desktop\FACTURA-002297.exe Code function: String function: 32E87BE4 appears 88 times
        Source: C:\Users\user\Desktop\FACTURA-002297.exe Code function: String function: 32EAE692 appears 84 times
        Source: C:\Users\user\Desktop\FACTURA-002297.exe Code function: String function: 32E75050 appears 35 times
        Source: C:\Users\user\Desktop\FACTURA-002297.exe Code function: String function: 32E2B910 appears 265 times
        Source: C:\Users\user\Desktop\FACTURA-002297.exe Code function: String function: 32EBEF10 appears 104 times
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: String function: 02DAE692 appears 85 times
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: String function: 02D2B910 appears 267 times
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: String function: 02D75050 appears 35 times
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: String function: 02D87BE4 appears 88 times
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: String function: 02DBEF10 appears 105 times
        Source: FACTURA-002297.exe Static PE information: invalid certificate
        Source: FACTURA-002297.exe, 00000000.00000002.12779867343.0000000000457000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameloyaliteters radierne.exeR vs FACTURA-002297.exe
        Source: FACTURA-002297.exe, 00000001.00000003.13126720874.0000000032D7B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs FACTURA-002297.exe
        Source: FACTURA-002297.exe, 00000001.00000003.13179961081.0000000002BA1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSeCEditj% vs FACTURA-002297.exe
        Source: FACTURA-002297.exe, 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs FACTURA-002297.exe
        Source: FACTURA-002297.exe, 00000001.00000003.13179961081.0000000002BAF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSeCEditj% vs FACTURA-002297.exe
        Source: FACTURA-002297.exe, 00000001.00000000.12705303582.0000000000457000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameloyaliteters radierne.exeR vs FACTURA-002297.exe
        Source: FACTURA-002297.exe, 00000001.00000002.13227773451.00000000330D0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs FACTURA-002297.exe
        Source: FACTURA-002297.exe, 00000001.00000003.13122847892.0000000032BB9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs FACTURA-002297.exe
        Source: FACTURA-002297.exeBinary or memory string: OriginalFilenameloyaliteters radierne.exeR vs FACTURA-002297.exe
        Source: FACTURA-002297.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 00000003.00000002.14765009374.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000001.00000002.13227651588.0000000032B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.14765099123.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engineClassification label: mal100.troj.evad.winEXE@5/8@2/2
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 0_2_00403489 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403489
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 0_2_00404814 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404814
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 0_2_004020FE CoCreateInstance,0_2_004020FE
        Source: C:\Users\user\Desktop\FACTURA-002297.exeFile created: C:\Users\user\AppData\Local\Temp\nsyC9F2.tmpJump to behavior
        Source: FACTURA-002297.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\FACTURA-002297.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: FACTURA-002297.exeReversingLabs: Detection: 13%
        Source: C:\Users\user\Desktop\FACTURA-002297.exeFile read: C:\Users\user\Desktop\FACTURA-002297.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\FACTURA-002297.exe "C:\Users\user\Desktop\FACTURA-002297.exe"
        Source: C:\Users\user\Desktop\FACTURA-002297.exeProcess created: C:\Users\user\Desktop\FACTURA-002297.exe "C:\Users\user\Desktop\FACTURA-002297.exe"
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeProcess created: C:\Windows\SysWOW64\SecEdit.exe "C:\Windows\SysWOW64\SecEdit.exe"
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: oleacc.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: shfolder.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\SysWOW64\SecEdit.exeSection loaded: scecli.dllJump to behavior
        Source: C:\Windows\SysWOW64\SecEdit.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\SysWOW64\SecEdit.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\explorer.exeSection loaded: mfsrcsnk.dllJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeFile written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Gaulin.iniJump to behavior
        Source: FACTURA-002297.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: SecEdit.pdb source: FACTURA-002297.exe, 00000001.00000002.13215535110.0000000002B5D000.00000004.00000020.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000003.13179961081.0000000002BA1000.00000004.00000020.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000003.13180075651.0000000002B5D000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: FACTURA-002297.exe, 00000001.00000001.12705991401.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: Binary string: SecEdit.pdbGCTL source: FACTURA-002297.exe, 00000001.00000002.13215535110.0000000002B5D000.00000004.00000020.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000003.13179961081.0000000002BA1000.00000004.00000020.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000003.13180075651.0000000002B5D000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdbUGP source: FACTURA-002297.exe, 00000001.00000003.13122847892.0000000032A96000.00000004.00000020.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000003.13126720874.0000000032C4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000003.00000003.13211211466.00000000029A8000.00000004.00000020.00020000.00000000.sdmp, SecEdit.exe, 00000003.00000003.13214921112.0000000002B56000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: FACTURA-002297.exe, FACTURA-002297.exe, 00000001.00000003.13122847892.0000000032A96000.00000004.00000020.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000003.13126720874.0000000032C4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, SecEdit.exe, 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000003.00000003.13211211466.00000000029A8000.00000004.00000020.00020000.00000000.sdmp, SecEdit.exe, 00000003.00000003.13214921112.0000000002B56000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: FACTURA-002297.exe, 00000001.00000001.12705991401.0000000000649000.00000020.00000001.01000000.00000007.sdmp

        Data Obfuscation

        Source: Yara matchFile source: 00000000.00000002.12781637657.000000000332A000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_10001B18
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 0_2_10002DE0 push eax; ret 0_2_10002E0E
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E308CD push ecx; mov dword ptr [esp], ecx1_2_32E308D6
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32B24AD6 push esp; retf 1_2_32B24AAD
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32B24A0A push esp; retf 1_2_32B24AAD
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32B2C8AA push esi; iretd 1_2_32B2C8AD
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32B2B89A pushfd ; ret 1_2_32B2B8B2
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32B2B828 pushfd ; ret 1_2_32B2B8B2
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32B23E36 push edi; ret 1_2_32B23E38
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32B24657 push ecx; ret 1_2_32B24674
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32B24643 push ecx; ret 1_2_32B24674
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32B24407 pushfd ; ret 1_2_32B24408
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32B20DB3 push ebx; iretd 1_2_32B20DB4
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32B20DD3 push ds; ret 1_2_32B20DD4
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_03E0F7F5 push esp; retf 2_2_03E0F898
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_03E0BBBE push ds; ret 2_2_03E0BBBF
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_03E0BB9E push ebx; iretd 2_2_03E0BB9F
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_03E16685 pushfd ; ret 2_2_03E1669D
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_03E17695 push esi; iretd 2_2_03E17698
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_03E16613 pushfd ; ret 2_2_03E1669D
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_03E0F1F2 pushfd ; ret 2_2_03E0F1F3
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_03E0F8C1 push esp; retf 2_2_03E0F898
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_03E0F442 push ecx; ret 2_2_03E0F45F
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_03E0EC21 push edi; ret 2_2_03E0EC23
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_03E0F42E push ecx; ret 2_2_03E0F45F
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02D308CD push ecx; mov dword ptr [esp], ecx3_2_02D308D6
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02B6B2B8 push edi; retf 42F6h3_2_02B6B325
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02B64AD6 push esp; retf 3_2_02B64AAD
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02B64A0A push esp; retf 3_2_02B64AAD
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02B6C8AA push esi; iretd 3_2_02B6C8AD
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02B6B89A pushfd ; ret 3_2_02B6B8B2
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 3_2_02B75032 push eax; ret 3_2_02B75034
        Source: C:\Users\user\Desktop\FACTURA-002297.exeFile created: C:\Users\user\AppData\Local\Temp\nsqD01E.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\FACTURA-002297.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\SecEdit.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

        Malware Analysis System Evasion

        Source: C:\Users\user\Desktop\FACTURA-002297.exeAPI/Special instruction interceptor: Address: 35B9EFF
        Source: C:\Windows\SysWOW64\SecEdit.exeAPI/Special instruction interceptor: Address: 7FFB6E7CD144
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E71763 rdtsc 1_2_32E71763
        Source: C:\Windows\SysWOW64\SecEdit.exeWindow / User API: threadDelayed 9852Jump to behavior
        Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 887Jump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsqD01E.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\FACTURA-002297.exeAPI coverage: 0.3 %
        Source: C:\Windows\SysWOW64\SecEdit.exeAPI coverage: 1.1 %
        Source: C:\Windows\SysWOW64\SecEdit.exe TID: 4524Thread sleep count: 122 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\SecEdit.exe TID: 4524Thread sleep time: -244000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\SecEdit.exe TID: 4524Thread sleep count: 9852 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\SecEdit.exe TID: 4524Thread sleep time: -19704000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\SecEdit.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 0_2_004066F3 FindFirstFileW,FindClose,0_2_004066F3
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 0_2_00405ABE CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405ABE
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 0_2_00402862 FindFirstFileW,0_2_00402862
        Source: SecEdit.exe, 00000003.00000002.14764686330.000000000277D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll#'
        Source: explorer.exe, 00000004.00000000.14692727753.00000000094F4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.17481542953.00000000094F4000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
        Source: FACTURA-002297.exe, 00000001.00000003.13124152190.0000000002B42000.00000004.00000020.00020000.00000000.sdmp, FACTURA-002297.exe, 00000001.00000002.13215405983.0000000002B42000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.14699484326.000000000CDDB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.17505828756.000000000CDDB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: FACTURA-002297.exe, 00000001.00000002.13215088885.0000000002AD8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
        Source: C:\Users\user\Desktop\FACTURA-002297.exeAPI call chain: ExitProcess graph end nodegraph_0-4671
        Source: C:\Users\user\Desktop\FACTURA-002297.exeAPI call chain: ExitProcess graph end nodegraph_0-4513
        Source: C:\Windows\SysWOW64\SecEdit.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Windows\SysWOW64\SecEdit.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E71763 rdtsc 1_2_32E71763
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E734E0 NtCreateMutant,LdrInitializeThunk,1_2_32E734E0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_10001B18
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E272E0 mov eax, dword ptr fs:[00000030h]1_2_32E272E0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E4F380 mov eax, dword ptr fs:[00000030h]1_2_32E4F380
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E4F380 mov eax, dword ptr fs:[00000030h]1_2_32E4F380
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E4F380 mov eax, dword ptr fs:[00000030h]1_2_32E4F380
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E4F380 mov eax, dword ptr fs:[00000030h]1_2_32E4F380
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EEF38A mov eax, dword ptr fs:[00000030h]1_2_32EEF38A
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5A390 mov eax, dword ptr fs:[00000030h]1_2_32E5A390
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5A390 mov eax, dword ptr fs:[00000030h]1_2_32E5A390
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5A390 mov eax, dword ptr fs:[00000030h]1_2_32E5A390
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E3B360 mov eax, dword ptr fs:[00000030h]1_2_32E3B360
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E3B360 mov eax, dword ptr fs:[00000030h]1_2_32E3B360
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E3B360 mov eax, dword ptr fs:[00000030h]1_2_32E3B360
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E3B360 mov eax, dword ptr fs:[00000030h]1_2_32E3B360
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E3B360 mov eax, dword ptr fs:[00000030h]1_2_32E3B360
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E3B360 mov eax, dword ptr fs:[00000030h]1_2_32E3B360
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E6E363 mov eax, dword ptr fs:[00000030h]1_2_32E6E363
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E6E363 mov eax, dword ptr fs:[00000030h]1_2_32E6E363
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E6E363 mov eax, dword ptr fs:[00000030h]1_2_32E6E363
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E6E363 mov eax, dword ptr fs:[00000030h]1_2_32E6E363
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E6E363 mov eax, dword ptr fs:[00000030h]1_2_32E6E363
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E6E363 mov eax, dword ptr fs:[00000030h]1_2_32E6E363
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E6E363 mov eax, dword ptr fs:[00000030h]1_2_32E6E363
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E6E363 mov eax, dword ptr fs:[00000030h]1_2_32E6E363
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EAE372 mov eax, dword ptr fs:[00000030h]1_2_32EAE372
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EAE372 mov eax, dword ptr fs:[00000030h]1_2_32EAE372
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EAE372 mov eax, dword ptr fs:[00000030h]1_2_32EAE372
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EAE372 mov eax, dword ptr fs:[00000030h]1_2_32EAE372
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EB0371 mov eax, dword ptr fs:[00000030h]1_2_32EB0371
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EB0371 mov eax, dword ptr fs:[00000030h]1_2_32EB0371
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5237A mov eax, dword ptr fs:[00000030h]1_2_32E5237A
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E28347 mov eax, dword ptr fs:[00000030h]1_2_32E28347
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E28347 mov eax, dword ptr fs:[00000030h]1_2_32E28347
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E28347 mov eax, dword ptr fs:[00000030h]1_2_32E28347
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E6A350 mov eax, dword ptr fs:[00000030h]1_2_32E6A350
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E68322 mov eax, dword ptr fs:[00000030h]1_2_32E68322
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E68322 mov eax, dword ptr fs:[00000030h]1_2_32E68322
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E68322 mov eax, dword ptr fs:[00000030h]1_2_32E68322
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32F03336 mov eax, dword ptr fs:[00000030h]1_2_32F03336
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5332D mov eax, dword ptr fs:[00000030h]1_2_32E5332D
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2E328 mov eax, dword ptr fs:[00000030h]1_2_32E2E328
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2E328 mov eax, dword ptr fs:[00000030h]1_2_32E2E328
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2E328 mov eax, dword ptr fs:[00000030h]1_2_32E2E328
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E29303 mov eax, dword ptr fs:[00000030h]1_2_32E29303
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E29303 mov eax, dword ptr fs:[00000030h]1_2_32E29303
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EEF30A mov eax, dword ptr fs:[00000030h]1_2_32EEF30A
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EB330C mov eax, dword ptr fs:[00000030h]1_2_32EB330C
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EB330C mov eax, dword ptr fs:[00000030h]1_2_32EB330C
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EB330C mov eax, dword ptr fs:[00000030h]1_2_32EB330C
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EB330C mov eax, dword ptr fs:[00000030h]1_2_32EB330C
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E4E310 mov eax, dword ptr fs:[00000030h]1_2_32E4E310
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E4E310 mov eax, dword ptr fs:[00000030h]1_2_32E4E310
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E4E310 mov eax, dword ptr fs:[00000030h]1_2_32E4E310
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E6631F mov eax, dword ptr fs:[00000030h]1_2_32E6631F
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2C0F6 mov eax, dword ptr fs:[00000030h]1_2_32E2C0F6
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E6D0F0 mov eax, dword ptr fs:[00000030h]1_2_32E6D0F0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E6D0F0 mov ecx, dword ptr fs:[00000030h]1_2_32E6D0F0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E290F8 mov eax, dword ptr fs:[00000030h]1_2_32E290F8
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E290F8 mov eax, dword ptr fs:[00000030h]1_2_32E290F8
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E290F8 mov eax, dword ptr fs:[00000030h]1_2_32E290F8
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E290F8 mov eax, dword ptr fs:[00000030h]1_2_32E290F8
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E4B0D0 mov eax, dword ptr fs:[00000030h]1_2_32E4B0D0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2B0D6 mov eax, dword ptr fs:[00000030h]1_2_32E2B0D6
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2B0D6 mov eax, dword ptr fs:[00000030h]1_2_32E2B0D6
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2B0D6 mov eax, dword ptr fs:[00000030h]1_2_32E2B0D6
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2B0D6 mov eax, dword ptr fs:[00000030h]1_2_32E2B0D6
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EEB0AF mov eax, dword ptr fs:[00000030h]1_2_32EEB0AF
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E700A5 mov eax, dword ptr fs:[00000030h]1_2_32E700A5
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32F050B7 mov eax, dword ptr fs:[00000030h]1_2_32F050B7
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EDF0A5 mov eax, dword ptr fs:[00000030h]1_2_32EDF0A5
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EDF0A5 mov eax, dword ptr fs:[00000030h]1_2_32EDF0A5
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EDF0A5 mov eax, dword ptr fs:[00000030h]1_2_32EDF0A5
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EDF0A5 mov eax, dword ptr fs:[00000030h]1_2_32EDF0A5
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EDF0A5 mov eax, dword ptr fs:[00000030h]1_2_32EDF0A5
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EDF0A5 mov eax, dword ptr fs:[00000030h]1_2_32EDF0A5
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EDF0A5 mov eax, dword ptr fs:[00000030h]1_2_32EDF0A5
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32F04080 mov eax, dword ptr fs:[00000030h]1_2_32F04080
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32F04080 mov eax, dword ptr fs:[00000030h]1_2_32F04080
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32F04080 mov eax, dword ptr fs:[00000030h]1_2_32F04080
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32F04080 mov eax, dword ptr fs:[00000030h]1_2_32F04080
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32F04080 mov eax, dword ptr fs:[00000030h]1_2_32F04080
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32F04080 mov eax, dword ptr fs:[00000030h]1_2_32F04080
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32F04080 mov eax, dword ptr fs:[00000030h]1_2_32F04080
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2A093 mov ecx, dword ptr fs:[00000030h]1_2_32E2A093
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2C090 mov eax, dword ptr fs:[00000030h]1_2_32E2C090
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32ED9060 mov eax, dword ptr fs:[00000030h]1_2_32ED9060
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E37072 mov eax, dword ptr fs:[00000030h]1_2_32E37072
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E36074 mov eax, dword ptr fs:[00000030h]1_2_32E36074
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E36074 mov eax, dword ptr fs:[00000030h]1_2_32E36074
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E60044 mov eax, dword ptr fs:[00000030h]1_2_32E60044
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32F0505B mov eax, dword ptr fs:[00000030h]1_2_32F0505B
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E31051 mov eax, dword ptr fs:[00000030h]1_2_32E31051
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E31051 mov eax, dword ptr fs:[00000030h]1_2_32E31051
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2D02D mov eax, dword ptr fs:[00000030h]1_2_32E2D02D
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E55004 mov eax, dword ptr fs:[00000030h]1_2_32E55004
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E55004 mov ecx, dword ptr fs:[00000030h]1_2_32E55004
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E38009 mov eax, dword ptr fs:[00000030h]1_2_32E38009
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E72010 mov ecx, dword ptr fs:[00000030h]1_2_32E72010
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E3A1E3 mov eax, dword ptr fs:[00000030h]1_2_32E3A1E3
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E3A1E3 mov eax, dword ptr fs:[00000030h]1_2_32E3A1E3
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E3A1E3 mov eax, dword ptr fs:[00000030h]1_2_32E3A1E3
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E3A1E3 mov eax, dword ptr fs:[00000030h]1_2_32E3A1E3
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E3A1E3 mov eax, dword ptr fs:[00000030h]1_2_32E3A1E3
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EF81EE mov eax, dword ptr fs:[00000030h]1_2_32EF81EE
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EF81EE mov eax, dword ptr fs:[00000030h]1_2_32EF81EE
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5B1E0 mov eax, dword ptr fs:[00000030h]1_2_32E5B1E0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5B1E0 mov eax, dword ptr fs:[00000030h]1_2_32E5B1E0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5B1E0 mov eax, dword ptr fs:[00000030h]1_2_32E5B1E0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5B1E0 mov eax, dword ptr fs:[00000030h]1_2_32E5B1E0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5B1E0 mov eax, dword ptr fs:[00000030h]1_2_32E5B1E0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5B1E0 mov eax, dword ptr fs:[00000030h]1_2_32E5B1E0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5B1E0 mov eax, dword ptr fs:[00000030h]1_2_32E5B1E0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E391E5 mov eax, dword ptr fs:[00000030h]1_2_32E391E5
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E391E5 mov eax, dword ptr fs:[00000030h]1_2_32E391E5
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E281EB mov eax, dword ptr fs:[00000030h]1_2_32E281EB
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E291F0 mov eax, dword ptr fs:[00000030h]1_2_32E291F0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E291F0 mov eax, dword ptr fs:[00000030h]1_2_32E291F0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E401F1 mov eax, dword ptr fs:[00000030h]1_2_32E401F1
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E401F1 mov eax, dword ptr fs:[00000030h]1_2_32E401F1
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E401F1 mov eax, dword ptr fs:[00000030h]1_2_32E401F1
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5F1F0 mov eax, dword ptr fs:[00000030h]1_2_32E5F1F0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5F1F0 mov eax, dword ptr fs:[00000030h]1_2_32E5F1F0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E401C0 mov eax, dword ptr fs:[00000030h]1_2_32E401C0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E401C0 mov eax, dword ptr fs:[00000030h]1_2_32E401C0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E451C0 mov eax, dword ptr fs:[00000030h]1_2_32E451C0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E451C0 mov eax, dword ptr fs:[00000030h]1_2_32E451C0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E451C0 mov eax, dword ptr fs:[00000030h]1_2_32E451C0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E451C0 mov eax, dword ptr fs:[00000030h]1_2_32E451C0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E6E1A4 mov eax, dword ptr fs:[00000030h]1_2_32E6E1A4
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E6E1A4 mov eax, dword ptr fs:[00000030h]1_2_32E6E1A4
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32F051B6 mov eax, dword ptr fs:[00000030h]1_2_32F051B6
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E631BE mov eax, dword ptr fs:[00000030h]1_2_32E631BE
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E631BE mov eax, dword ptr fs:[00000030h]1_2_32E631BE
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E641BB mov ecx, dword ptr fs:[00000030h]1_2_32E641BB
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E641BB mov eax, dword ptr fs:[00000030h]1_2_32E641BB
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E641BB mov eax, dword ptr fs:[00000030h]1_2_32E641BB
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E34180 mov eax, dword ptr fs:[00000030h]1_2_32E34180
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E34180 mov eax, dword ptr fs:[00000030h]1_2_32E34180
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E34180 mov eax, dword ptr fs:[00000030h]1_2_32E34180
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E59194 mov eax, dword ptr fs:[00000030h]1_2_32E59194
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E71190 mov eax, dword ptr fs:[00000030h]1_2_32E71190
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E71190 mov eax, dword ptr fs:[00000030h]1_2_32E71190
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E6716D mov eax, dword ptr fs:[00000030h]1_2_32E6716D
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E8717A mov eax, dword ptr fs:[00000030h]1_2_32E8717A
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E8717A mov eax, dword ptr fs:[00000030h]1_2_32E8717A
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E36179 mov eax, dword ptr fs:[00000030h]1_2_32E36179
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2A147 mov eax, dword ptr fs:[00000030h]1_2_32E2A147
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2A147 mov eax, dword ptr fs:[00000030h]1_2_32E2A147
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2A147 mov eax, dword ptr fs:[00000030h]1_2_32E2A147
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EC314A mov eax, dword ptr fs:[00000030h]1_2_32EC314A
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EC314A mov eax, dword ptr fs:[00000030h]1_2_32EC314A
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EC314A mov eax, dword ptr fs:[00000030h]1_2_32EC314A
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EC314A mov eax, dword ptr fs:[00000030h]1_2_32EC314A
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32F03157 mov eax, dword ptr fs:[00000030h]1_2_32F03157
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32F03157 mov eax, dword ptr fs:[00000030h]1_2_32F03157
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32F03157 mov eax, dword ptr fs:[00000030h]1_2_32F03157
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32F05149 mov eax, dword ptr fs:[00000030h]1_2_32F05149
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E6415F mov eax, dword ptr fs:[00000030h]1_2_32E6415F
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E67128 mov eax, dword ptr fs:[00000030h]1_2_32E67128
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E67128 mov eax, dword ptr fs:[00000030h]1_2_32E67128
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EEF13E mov eax, dword ptr fs:[00000030h]1_2_32EEF13E
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EBA130 mov eax, dword ptr fs:[00000030h]1_2_32EBA130
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5510F mov eax, dword ptr fs:[00000030h]1_2_32E5510F
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5510F mov eax, dword ptr fs:[00000030h]1_2_32E5510F
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5510F mov eax, dword ptr fs:[00000030h]1_2_32E5510F
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5510F mov eax, dword ptr fs:[00000030h]1_2_32E5510F
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5510F mov eax, dword ptr fs:[00000030h]1_2_32E5510F
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5510F mov eax, dword ptr fs:[00000030h]1_2_32E5510F
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5510F mov eax, dword ptr fs:[00000030h]1_2_32E5510F
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5510F mov eax, dword ptr fs:[00000030h]1_2_32E5510F
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5510F mov eax, dword ptr fs:[00000030h]1_2_32E5510F
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5510F mov eax, dword ptr fs:[00000030h]1_2_32E5510F
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5510F mov eax, dword ptr fs:[00000030h]1_2_32E5510F
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5510F mov eax, dword ptr fs:[00000030h]1_2_32E5510F
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5510F mov eax, dword ptr fs:[00000030h]1_2_32E5510F
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E3510D mov eax, dword ptr fs:[00000030h]1_2_32E3510D
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E2F113 mov eax, dword ptr fs:[00000030h]1_2_32E2F113
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E60118 mov eax, dword ptr fs:[00000030h]1_2_32E60118
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E296E0 mov eax, dword ptr fs:[00000030h]1_2_32E296E0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E296E0 mov eax, dword ptr fs:[00000030h]1_2_32E296E0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E3C6E0 mov eax, dword ptr fs:[00000030h]1_2_32E3C6E0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E356E0 mov eax, dword ptr fs:[00000030h]1_2_32E356E0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E356E0 mov eax, dword ptr fs:[00000030h]1_2_32E356E0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E356E0 mov eax, dword ptr fs:[00000030h]1_2_32E356E0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E566E0 mov eax, dword ptr fs:[00000030h]1_2_32E566E0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E566E0 mov eax, dword ptr fs:[00000030h]1_2_32E566E0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EAC6F2 mov eax, dword ptr fs:[00000030h]1_2_32EAC6F2
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EAC6F2 mov eax, dword ptr fs:[00000030h]1_2_32EAC6F2
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E306CF mov eax, dword ptr fs:[00000030h]1_2_32E306CF
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32ED86C2 mov eax, dword ptr fs:[00000030h]1_2_32ED86C2
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E5D6D0 mov eax, dword ptr fs:[00000030h]1_2_32E5D6D0
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EF86A8 mov eax, dword ptr fs:[00000030h]1_2_32EF86A8
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EF86A8 mov eax, dword ptr fs:[00000030h]1_2_32EF86A8
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32EEF68C mov eax, dword ptr fs:[00000030h]1_2_32EEF68C
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E40680 mov eax, dword ptr fs:[00000030h]1_2_32E40680
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E40680 mov eax, dword ptr fs:[00000030h]1_2_32E40680
        Source: C:\Users\user\Desktop\FACTURA-002297.exeCode function: 1_2_32E40680 mov eax, dword ptr fs:[00000030h]1_2_32E40680

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Users\user\Desktop\FACTURA-002297.exe, NtSuspendThread: Indirect: 0x32B33909
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, NtProtectVirtualMemory: Direct from: 0x3E16998
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, NtDelayExecution: Direct from: 0x3E0EC6D
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, NtResumeThread: Direct from: 0x3E0EE9F
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, NtDelayExecution: Direct from: 0x3E0EE2E
        Source: C:\Users\user\Desktop\FACTURA-002297.exe, NtQueueApcThread: Indirect: 0x32B2F414
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, NtTerminateThread: Direct from: 0x7FFB6E782651
        Source: C:\Users\user\Desktop\FACTURA-002297.exe, NtSetContextThread: Indirect: 0x32B335E9
        Source: C:\Users\user\Desktop\FACTURA-002297.exe, NtResumeThread: Indirect: 0x32B33C29
        Source: C:\Users\user\Desktop\FACTURA-002297.exe, Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\FACTURA-002297.exe, Section loaded: NULL target: C:\Windows\SysWOW64\SecEdit.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\SecEdit.exe, Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read write
        Source: C:\Windows\SysWOW64\SecEdit.exe, Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\SecEdit.exe, Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
        Source: C:\Users\user\Desktop\FACTURA-002297.exe, Thread register set: target process: 6084
        Source: C:\Windows\SysWOW64\SecEdit.exe, Thread register set: target process: 6084
        Source: C:\Users\user\Desktop\FACTURA-002297.exe, Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        Source: C:\Users\user\Desktop\FACTURA-002297.exe, Process created: C:\Users\user\Desktop\FACTURA-002297.exe "C:\Users\user\Desktop\FACTURA-002297.exe"
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Process created: C:\Windows\SysWOW64\SecEdit.exe "C:\Windows\SysWOW64\SecEdit.exe"
        Source: RAVCpl64.exe, 00000002.00000000.13141282402.0000000000E10000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000002.00000002.17463442135.0000000000E10000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.17461187952.0000000001010000.00000002.00000001.00040000.00000000.sdmp, Binary or memory string: Program Manager
        Source: RAVCpl64.exe, 00000002.00000000.13141282402.0000000000E10000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000002.00000002.17463442135.0000000000E10000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.14689574230.0000000004730000.00000004.00000001.00020000.00000000.sdmp, Binary or memory string: Shell_TrayWnd
        Source: RAVCpl64.exe, 00000002.00000000.13141282402.0000000000E10000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000002.00000002.17463442135.0000000000E10000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.17461187952.0000000001010000.00000002.00000001.00040000.00000000.sdmp, Binary or memory string: Progman
        Source: explorer.exe, 00000004.00000000.14686651962.0000000000990000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.17459599073.0000000000990000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: 1Progman
        Source: C:\Users\user\Desktop\FACTURA-002297.exe, Code function: 0_2_00403489 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess

        Stealing of Sensitive Information

        Source: Yara match, File source: 00000003.00000002.14765009374.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000001.00000002.13227651588.0000000032B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.14765099123.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

        Remote Access Functionality

        Source: Yara match, File source: 00000003.00000002.14765009374.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000001.00000002.13227651588.0000000032B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.14765099123.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 312 Process Injection | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Clipboard Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 1 Access Token Manipulation | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Behavior Graph ID: 1524995, Sample: FACTURA-002297.exe, Startdate: 03/10/2024, Architecture: WINDOWS, Score: 100
• Sample-level DNS/IP: drive.usercontent.google.com; drive.google.com
• Sample-level signatures: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 2 other signatures
• FACTURA-002297.exe (started): dropped C:\Users\user\AppData\Local\...\System.dll, PE32; signature: Switches to a custom stack to bypass stack traces
• FACTURA-002297.exe (started by FACTURA-002297.exe): DNS/IP: drive.usercontent.google.com 142.250.81.225, 443, 49805 GOOGLEUS United States; drive.google.com 142.251.32.110, 443, 49804 GOOGLEUS United States; signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Queues an APC in another process (thread injection); Found direct / indirect Syscall (likely to bypass EDR)
• RAVCpl64.exe (injected by FACTURA-002297.exe): signature: Found direct / indirect Syscall (likely to bypass EDR)
• SecEdit.exe (started by RAVCpl64.exe): signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Switches to a custom stack to bypass stack traces
• explorer.exe (injected by SecEdit.exe)

Source | Detection | Scanner | Label | Link
FACTURA-002297.exe | 100% | Avira | HEUR/AGEN.1331786 |
FACTURA-002297.exe | 13% | ReversingLabs | Win32.Trojan.Generic |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\nsqD01E.tmp\System.dll | 0% | ReversingLabs | |
        No Antivirus matches
        No Antivirus matches
        No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
drive.google.com | 142.251.32.110 | true | false | | unknown
drive.usercontent.google.com | 142.250.81.225 | true | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
142.251.32.110 | drive.google.com | United States | 15169 | GOOGLEUS | false
142.250.81.225 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                    Analysis ID:1524995
                                                                                    Start date and time:2024-10-03 15:19:12 +02:00
                                                                                    Joe Sandbox product:CloudBasic
                                                                                    Overall analysis duration:0h 17m 28s
                                                                                    Hypervisor based Inspection enabled:false
                                                                                    Report type:full
                                                                                    Cookbook file name:default.jbs
                                                                                    Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                                    Run name:Suspected Instruction Hammering
                                                                                    Number of analysed new started processes analysed:3
                                                                                    Number of new started drivers analysed:0
                                                                                    Number of existing processes analysed:0
                                                                                    Number of existing drivers analysed:0
                                                                                    Number of injected processes analysed:2
                                                                                    Technologies:
                                                                                    • HCA enabled
                                                                                    • EGA enabled
                                                                                    • AMSI enabled
                                                                                    Analysis Mode:default
                                                                                    Analysis stop reason:Timeout
                                                                                    Sample name:FACTURA-002297.exe
                                                                                    Detection:MAL
                                                                                    Classification:mal100.troj.evad.winEXE@5/8@2/2
                                                                                    EGA Information:
                                                                                    • Successful, ratio: 100%
                                                                                    HCA Information:
                                                                                    • Successful, ratio: 90%
                                                                                    • Number of executed functions: 74
                                                                                    • Number of non-executed functions: 300
                                                                                    Cookbook Comments:
                                                                                    • Found application associated with file extension: .exe
                                                                                    • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                    • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com, nexusrules.officeapps.live.com
                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                    • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                    • Report size getting too big, too many NtOpenKey calls found.
                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                    • VT rate limit hit for: FACTURA-002297.exe
Time | Type | Description
09:23:14 | API Interceptor | 8459737x Sleep call for process: SecEdit.exe modified
                                                                                    No context
                                                                                    No context
                                                                                    No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | file.exe | malicious | LummaC, Vidar | 142.251.32.110, 142.250.81.225
 | Layer.exe | malicious | Unknown | 142.251.32.110, 142.250.81.225
 | Layer.exe | malicious | Unknown | 142.251.32.110, 142.250.81.225
 | file.exe | malicious | Vidar | 142.251.32.110, 142.250.81.225
 | 24100311.EXE.exe | malicious | AgentTesla, GuLoader | 142.251.32.110, 142.250.81.225
 | file.exe | malicious | LummaC, Vidar | 142.251.32.110, 142.250.81.225
 | file.exe | malicious | LummaC, Vidar | 142.251.32.110, 142.250.81.225
 | 4bblnRvDdS.lnk | malicious | Unknown | 142.251.32.110, 142.250.81.225
 | file.exe | malicious | Vidar | 142.251.32.110, 142.250.81.225
 | file.exe | malicious | Vidar | 142.251.32.110, 142.250.81.225
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\AppData\Local\Temp\nsqD01E.tmp\System.dll | LisectAVT_2403002A_41.exe | malicious | GuLoader |
 | LisectAVT_2403002A_41.exe | malicious | GuLoader |
 | Inventory_list.img.exe | malicious | GuLoader |
 | Inventory_list.img.exe | malicious | GuLoader |
 | sF2s1EQU7T.exe | malicious | Remcos, GuLoader |
 | sF2s1EQU7T.exe | malicious | GuLoader |
 | xerox322200524.exe | malicious | Remcos, GuLoader |
 | xerox322200524.exe | malicious | GuLoader |
 | INQUIRY#46789-MAY20.doc | malicious | GuLoader |
                                                                                                      Process:C:\Users\user\Desktop\FACTURA-002297.exe
                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):11776
                                                                                                      Entropy (8bit):5.659384359264642
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz
                                                                                                      MD5:8B3830B9DBF87F84DDD3B26645FED3A0
                                                                                                      SHA1:223BEF1F19E644A610A0877D01EADC9E28299509
                                                                                                      SHA-256:F004C568D305CD95EDBD704166FCD2849D395B595DFF814BCC2012693527AC37
                                                                                                      SHA-512:D13CFD98DB5CA8DC9C15723EEE0E7454975078A776BCE26247228BE4603A0217E166058EBADC68090AFE988862B7514CB8CB84DE13B3DE35737412A6F0A8AC03
                                                                                                      Malicious:false
                                                                                                      Antivirus:
                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                      Joe Sandbox View:
                                                                                                      • Filename: LisectAVT_2403002A_41.exe, Detection: malicious
                                                                                                      • Filename: LisectAVT_2403002A_41.exe, Detection: malicious
                                                                                                      • Filename: Inventory_list.img.exe, Detection: malicious
                                                                                                      • Filename: Inventory_list.img.exe, Detection: malicious
                                                                                                      • Filename: sF2s1EQU7T.exe, Detection: malicious
                                                                                                      • Filename: sF2s1EQU7T.exe, Detection: malicious
                                                                                                      • Filename: xerox322200524.exe, Detection: malicious
                                                                                                      • Filename: xerox322200524.exe, Detection: malicious
                                                                                                      • Filename: INQUIRY#46789-MAY20.doc, Detection: malicious
                                                                                                      Reputation:moderate, very likely benign file
                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L.....uY...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@..@.data...x....@.......(..............@....reloc..`....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                      Process:C:\Users\user\Desktop\FACTURA-002297.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):1342893
                                                                                                      Entropy (8bit):3.84778993540836
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12288:DmqAGHutfRHzhUN9qzOfyC9orlRzDU0A0K:6qAGHuNnDUrR
                                                                                                      MD5:68CD82D8D7B0AE4AB967756A3CDD37D9
                                                                                                      SHA1:DC3D8A15CB60F37281E1270B27408F9EC6BB1C97
                                                                                                      SHA-256:B98F045B7839307D00DEB4511673F84B5DE0CEFCA79A0B12CEA63D491240CA7E
                                                                                                      SHA-512:F4F7A9D4324261A60716F8881ACDEBAF362EB8E457CE53043C55DCAAEFE9A7FBF7B448D70E3A89D6173E70284A917C323F9DF784D13866884A726112BE7363EF
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Process:C:\Users\user\Desktop\FACTURA-002297.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):204579
                                                                                                      Entropy (8bit):7.5147855095311105
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3072:loTM/m/kFcPSTihkDdA2axwcxEDsg5JL2Spx2Ku5HHB1OwfNNb/qAkb:2T6mi8fhkmqAgj5pHuBHB1OwfNNb/qAM
                                                                                                      MD5:4152383E862BB7AFA98882C157B2DFEC
                                                                                                      SHA1:0943020EF6F7413F4851208C489D4F5B3FB11D5C
                                                                                                      SHA-256:9112BCCB2E7646B21839E8E92A225F5058A8DA7E608E5A6A9A26C546554508CF
                                                                                                      SHA-512:1EEBA2DF8FBFE2B792FFA6D32B8F4F4C51D6A876515FC43E98D51A06B30D8C1A0446BA53DEDBDACF8B8188C4AEABDEAD128F6996CD2E7C4CD871DBF41D595B5A
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Process:C:\Users\user\Desktop\FACTURA-002297.exe
                                                                                                      File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):436842
                                                                                                      Entropy (8bit):2.6573516086534257
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:3YV9pJ8gSetRFLS+0Sa7MgUXNTK+JYW0dqaeHm6UVBcNOj7xblc3nwO6dczWmEuI:3hUdjzceqzmbVHfyCkG41dbgoLDtRLX
                                                                                                      MD5:7191E3113C5FB396BB3FCE925351225C
                                                                                                      SHA1:D73FD7A3D85A36CE55527692245C933334B324E4
                                                                                                      SHA-256:4F70B8361E988CCA3A1E97C2BA012CD17787F03873A42C3D1841F60814563663
                                                                                                      SHA-512:AA83CE61CE904E126C1F07D8B51186EFE47B1896580D489502C47D1A41F48DE09E18861E74105D11D585EB8AD8949191DC5CE99736A0EE8203B08DB015EF2E26
                                                                                                      Malicious:false
                                                                                                      Process:C:\Users\user\Desktop\FACTURA-002297.exe
                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):523
                                                                                                      Entropy (8bit):4.30492942039079
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12:nGy3qcf5opzE6vCdgLMc/Uqv7FE7KRbqYUH6uN0u8vM:GEpxoy6adY/UqvZEwbql6uNh
                                                                                                      MD5:B33890A43FB0F38B6DDF18C5BCEFE234
                                                                                                      SHA1:80ED178A92C2B5CB530AEE4673FFC9011EBF86BB
                                                                                                      SHA-256:3BF02F982A76A4C896FDA78C1C4B2B730D690DD86475213DC415269D4629407B
                                                                                                      SHA-512:169E2D067337BF05BA08D615CE61B28CA4FD93D204966B3386FB4B373D9BACD689BEE3DDC5E04A4F19586E585263F62BC40B0944A10E5867C63C9C7236A5CC48
                                                                                                      Malicious:false
                                                                                                      Preview:clisiocampa percussing acronyctous petitesses pilgrimsrejser zygosphene miasmology konkyljens..labelable kraftls veneries symbolically duncan sulemadens,logopdisk genuinenesses pseudoinspirational bekenderen.franciscanism krftcellers drylots toksikologiskes rottegiftes impecuniary slisken autokratiets hjertebaandet banegaardsbygningen choenix..adrenocorticotropic mangfoldigheders avisudvikling ekstremitetens skamsloges nrede unpersuasion trachling tvrformatets..negerbolle suppressionen lustful bagels flamenco selrets,
                                                                                                      Process:C:\Users\user\Desktop\FACTURA-002297.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):276551
                                                                                                      Entropy (8bit):1.2459972317120458
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:768:q5eLWls2nEEvz9mAEPesDf7zRhfRKrtTgtOnumyYJBW+JAILJcqhOzwnasNP2r2J:q86nLDJnJuki2BaFsfRz
                                                                                                      MD5:0071DC51C79F0655F0BB77074D56B1D7
                                                                                                      SHA1:9617AE1434B07532BAAF39D69CF720C05B85E8F9
                                                                                                      SHA-256:0628FA8F44795D79D5B855E8387985E04D134E8B57FE4D57E663FBAED278DF89
                                                                                                      SHA-512:E2149E9F3B18DCB50E49EC51226D7A6BF3969E119B385410E80E431024B25A938C965C743D80C0C1D8A3820D0DDDA14464CAC75F73AE22F259B447264F8431BA
                                                                                                      Malicious:false
                                                                                                      Process:C:\Users\user\Desktop\FACTURA-002297.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):398154
                                                                                                      Entropy (8bit):1.2543435533086644
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:8IfJmHKeJzuGrd0myk0Ek5rFnJd62xZ9WEmaslkcO:8omHKAJR0T8axr
                                                                                                      MD5:7BA8E260D6477B4FD16DAE2D14EA4482
                                                                                                      SHA1:16873CB5BFBA899D4ED937603AA9980F119695D6
                                                                                                      SHA-256:C19F7B3F1A20E1529113EE69AA53DB6E124A51F03098E6FB6AF0E76037C85B8B
                                                                                                      SHA-512:ECAA786515C73B08A44C22FD48B205166611750EC633849823A88BBF95A675CA29FB7F22E652EFCFC055FC92F8381FC6276F4B732F91612A2385BF670131FFF2
                                                                                                      Malicious:false
                                                                                                      Process:C:\Users\user\Desktop\FACTURA-002297.exe
                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):37
                                                                                                      Entropy (8bit):4.046762824854522
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:lgov8fOMy:XHB
                                                                                                      MD5:CFDA8E6AADE7958F94A959BDB29CB209
                                                                                                      SHA1:59C459E105A7AF33D13A365F735E3CB7B8E5DDB0
                                                                                                      SHA-256:B4543E8AB4997934D2EDC7DE8A76A24B7C2CCB641212AE3B9B17FE05B71D3E87
                                                                                                      SHA-512:EDFDCA00667ED3A5558F7E614373F0B8393763A979154666972C659CB44E75CCD51170E4E2189043046EB4DDB8A68642BBDB6F98A0E494E76E86FAAF14F993B2
                                                                                                      Malicious:false
                                                                                                      Preview:[xanthippe]..sikkerhedsgraden=preve..
                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                      Entropy (8bit):7.220027468397493
                                                                                                      TrID:
                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                      File name:FACTURA-002297.exe
                                                                                                      File size:569'120 bytes
                                                                                                      MD5:e0cdd543f142a8cb51c02d2229f9602d
                                                                                                      SHA1:fe357f74ea47ba6319fe68240131f19c9ae2664d
                                                                                                      SHA256:1602325d55a3537877b0a08c80dfd34f69a12b08d10af3b5aec5479fac779283
                                                                                                      SHA512:f435c47834a9d430ed23d24836c391ddaac2904bddc76e53551aca7df607940e911efa2c752c18e19d82c454582fb75da5e67ffc8660252e35db775ff1b9588a
                                                                                                      SSDEEP:6144:HIw3/aVqeUyFpR211QqcrrGmMvL41GTpiEBsfnZlcaAX4TUjiSiilU9t75k2hWjE:HaPF609uJ41kpiEoRAoARlU6tPzcP
                                                                                                      TLSH:CFC4DFAB6DD3C8DEC803063099A5B6B5B6F19DF09703AD0763B33BE82D32E518E45255
                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....uY.................d...*.....
                                                                                                      Icon Hash:5ce633391c1c0601
                                                                                                      Entrypoint:0x403489
                                                                                                      Entrypoint Section:.text
                                                                                                      Digitally signed:true
                                                                                                      Imagebase:0x400000
                                                                                                      Subsystem:windows gui
                                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                      Time Stamp:0x5975952E [Mon Jul 24 06:35:26 2017 UTC]
                                                                                                      TLS Callbacks:
                                                                                                      CLR (.Net) Version:
                                                                                                      OS Version Major:4
                                                                                                      OS Version Minor:0
                                                                                                      File Version Major:4
                                                                                                      File Version Minor:0
                                                                                                      Subsystem Version Major:4
                                                                                                      Subsystem Version Minor:0
                                                                                                      Import Hash:1f23f452093b5c1ff091a2f9fb4fa3e9
                                                                                                      Signature Valid:false
                                                                                                      Signature Issuer:CN="Teoriundervisningers Karaktertrkkets Erstatningstegns ", E=Depressionernes@Audiologis.Ob, L=Bobigny, S=Île-de-France, C=FR
                                                                                                      Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                      Error Number:-2146762487
                                                                                                      Not Before: 17/05/2024 12:03:15
                                                                                                      Not After: 17/05/2027 12:03:15
                                                                                                      Subject Chain
                                                                                                      • CN="Teoriundervisningers Karaktertrkkets Erstatningstegns ", E=Depressionernes@Audiologis.Ob, L=Bobigny, S=Île-de-France, C=FR
                                                                                                      Version:3
                                                                                                      Thumbprint MD5:3C61393EA2CC9EE8E931C75C603B86AF
                                                                                                      Thumbprint SHA-1:D6DC3F3E54A4F84CBA0217627B7E990E69E475B7
                                                                                                      Thumbprint SHA-256:C6DEB1791444CAE01731B717E532DB234A83EBC42F793B76C17A2E521C680FBD
                                                                                                      Serial:04048296E13CF560A13F4632C4B9F30DBCBC11B5
                                                                                                      Instruction
                                                                                                      sub esp, 000002D4h
                                                                                                      push ebx
                                                                                                      push esi
                                                                                                      push edi
                                                                                                      push 00000020h
                                                                                                      pop edi
                                                                                                      xor ebx, ebx
                                                                                                      push 00008001h
                                                                                                      mov dword ptr [esp+14h], ebx
                                                                                                      mov dword ptr [esp+10h], 0040A230h
                                                                                                      mov dword ptr [esp+1Ch], ebx
                                                                                                      call dword ptr [004080ACh]
                                                                                                      call dword ptr [004080A8h]
                                                                                                      and eax, BFFFFFFFh
                                                                                                      cmp ax, 00000006h
                                                                                                      mov dword ptr [0042A24Ch], eax
                                                                                                      je 00007F683CF63D23h
                                                                                                      push ebx
                                                                                                      call 00007F683CF66FD1h
                                                                                                      cmp eax, ebx
                                                                                                      je 00007F683CF63D19h
                                                                                                      push 00000C00h
                                                                                                      call eax
                                                                                                      mov esi, 004082B0h
                                                                                                      push esi
                                                                                                      call 00007F683CF66F4Bh
                                                                                                      push esi
                                                                                                      call dword ptr [00408150h]
                                                                                                      lea esi, dword ptr [esi+eax+01h]
                                                                                                      cmp byte ptr [esi], 00000000h
                                                                                                      jne 00007F683CF63CFCh
                                                                                                      push 0000000Ah
                                                                                                      call 00007F683CF66FA4h
                                                                                                      push 00000008h
                                                                                                      call 00007F683CF66F9Dh
                                                                                                      push 00000006h
                                                                                                      mov dword ptr [0042A244h], eax
                                                                                                      call 00007F683CF66F91h
                                                                                                      cmp eax, ebx
                                                                                                      je 00007F683CF63D21h
                                                                                                      push 0000001Eh
                                                                                                      call eax
                                                                                                      test eax, eax
                                                                                                      je 00007F683CF63D19h
                                                                                                      or byte ptr [0042A24Fh], 00000040h
                                                                                                      push ebp
                                                                                                      call dword ptr [00408044h]
                                                                                                      push ebx
                                                                                                      call dword ptr [004082A0h]
                                                                                                      mov dword ptr [0042A318h], eax
                                                                                                      push ebx
                                                                                                      lea eax, dword ptr [esp+34h]
                                                                                                      push 000002B4h
                                                                                                      push eax
                                                                                                      push ebx
                                                                                                      push 004216E8h
                                                                                                      call dword ptr [00408188h]
                                                                                                      push 0040A384h
                                                                                                      Programming Language:
                                                                                                      • [EXP] VC++ 6.0 SP5 build 8804
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x57000 | 0x220b8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x89ae8 | 0x1438 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| .text | 0x1000 | 0x63d1 | 0x6400 | 139645791b76bd6f7b8c4472edbbdfe5 | False | 0.66515625 | data | 6.479451209065 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x138e | 0x1400 | 007eff248f0493620a3fd3f7cadc755b | False | 0.45 | data | 5.143831732151552 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x20358 | 0x600 | ec5bcec782f43a3fb7e8dfbe0d0db4db | False | 0.501953125 | data | 4.000739070159718 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x2b000 | 0x2c000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x57000 | 0x220b8 | 0x22200 | 30cc4d5ad2d805f600d8d9358a38829a | False | 0.1827066163003663 | data | 2.9689436080399076 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_ICON | 0x572c8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.14975452502070272 |
| RT_ICON | 0x67af0 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864 | English | United States | 0.18344019339920117 |
| RT_ICON | 0x70f98 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.21953235710911667 |
| RT_ICON | 0x751c0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.2731327800829875 |
| RT_ICON | 0x77768 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.3428705440900563 |
| RT_DIALOG | 0x78810 | 0x120 | data | English | United States | 0.5138888888888888 |
| RT_DIALOG | 0x78930 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x78a50 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0x78b18 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x78b78 | 0x4c | data | English | United States | 0.8026315789473685 |
| RT_VERSION | 0x78bc8 | 0x1b0 | data | English | United States | 0.5601851851851852 |
| RT_MANIFEST | 0x78d78 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |
| DLL | Import |
| KERNEL32.dll | ExitProcess, SetFileAttributesW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, SetCurrentDirectoryW, GetFileAttributesW, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, GetShortPathNameW, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalUnlock, GetDiskFreeSpaceW, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
| USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
| ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
| Language of compilation system | Country where language is spoken | Map |
| English | United States | |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| 2024-10-03T15:21:53.249574+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.11.30 | 49804 | 142.251.32.110 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                                                      Oct 3, 2024 15:21:56.034960032 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.035224915 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.039967060 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.040262938 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.040277004 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.040509939 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.044883966 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.045123100 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.045134068 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.045372963 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.049765110 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.049896955 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.050230980 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.050241947 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.050615072 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.054723024 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.054984093 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.054996014 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.055210114 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.065185070 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.065443993 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.065455914 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.065668106 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.068049908 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.068273067 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.068284988 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.068469048 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.069242954 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.069423914 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.069436073 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.069595098 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.074130058 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.074311972 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.074323893 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.074673891 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.079124928 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.079391003 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.082570076 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.082906961 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.082917929 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.083128929 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.086678982 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.086937904 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.086949110 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.087162018 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.091454983 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.091667891 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.091679096 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.091872931 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.096009016 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.096390009 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.096400976 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.096560955 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.100378036 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.100737095 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.100747108 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.100908041 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.104963064 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.105146885 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.105158091 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.105315924 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.109272957 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.109486103 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.109497070 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.109824896 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.113398075 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.113611937 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.113622904 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.113876104 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.117543936 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.117773056 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.117784023 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.118046999 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.121661901 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.121844053 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.121855021 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.122148991 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.125992060 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.126207113 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.126218081 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.126425028 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.129928112 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.130141020 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.130151987 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.130480051 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.132513046 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.132723093 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.133819103 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.134078979 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.134089947 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.134418964 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.136478901 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.136776924 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.136789083 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.137108088 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.139003992 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.139219999 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.139231920 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.139444113 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.141469002 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.141719103 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.141731024 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.141932964 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.143851042 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.144056082 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.144067049 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.144328117 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.146416903 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.146686077 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.146697044 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.147021055 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.148875952 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.149096012 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.149107933 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.149368048 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.151320934 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.151515007 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.151525974 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.151806116 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.153681040 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.153913021 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.153939962 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.154192924 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.156100988 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.156306028 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.156315088 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.156578064 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.158513069 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.158725977 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.158735037 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.158968925 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.162617922 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.162833929 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.162844896 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.163095951 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.163866997 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.164096117 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.164524078 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.164729118 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.164737940 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.164947987 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.166810989 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.167016029 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.167025089 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.167287111 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.169204950 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.169424057 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.169433117 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.169693947 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.171591043 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.171772957 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.171781063 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.172065973 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.173758030 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.173988104 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.174009085 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.174326897 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.176039934 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.176269054 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.176278114 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.176487923 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.269279957 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.269337893 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.269567013 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.270376921 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.270582914 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.270591021 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.270802021 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.271497011 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.271622896 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Oct 3, 2024 15:21:56.271681070 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.271775961 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.271775961 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.576863050 CEST49805443192.168.11.30142.250.81.225
                                                                                                      Oct 3, 2024 15:21:56.576880932 CEST44349805142.250.81.225192.168.11.30
                                                                                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                      Oct 3, 2024 15:21:52.699407101 CEST | 65329 | 53 | 192.168.11.30 | 1.1.1.1
                                                                                                      Oct 3, 2024 15:21:52.793984890 CEST | 53 | 65329 | 1.1.1.1 | 192.168.11.30
                                                                                                      Oct 3, 2024 15:21:53.295430899 CEST | 54766 | 53 | 192.168.11.30 | 1.1.1.1
                                                                                                      Oct 3, 2024 15:21:53.390795946 CEST | 53 | 54766 | 1.1.1.1 | 192.168.11.30
                                                                                                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                      Oct 3, 2024 15:21:52.699407101 CEST | 192.168.11.30 | 1.1.1.1 | 0xd1a0 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
                                                                                                      Oct 3, 2024 15:21:53.295430899 CEST | 192.168.11.30 | 1.1.1.1 | 0xbaef | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
                                                                                                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                      Oct 3, 2024 15:21:52.793984890 CEST | 1.1.1.1 | 192.168.11.30 | 0xd1a0 | No error (0) | drive.google.com | | 142.251.32.110 | A (IP address) | IN (0x0001) | false
                                                                                                      Oct 3, 2024 15:21:53.390795946 CEST | 1.1.1.1 | 192.168.11.30 | 0xbaef | No error (0) | drive.usercontent.google.com | | 142.250.81.225 | A (IP address) | IN (0x0001) | false
                                                                                                      • drive.google.com
                                                                                                      • drive.usercontent.google.com
                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      0 | 192.168.11.30 | 49804 | 142.251.32.110 | 443 | 6464 | C:\Users\user\Desktop\FACTURA-002297.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      2024-10-03 13:21:53 UTC | 216 | OUT | GET /uc?export=download&id=1OdgW5jXNxO1G0UZ5n_rUYTHivp-qXwoP HTTP/1.1
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                      Host: drive.google.com
                                                                                                      Cache-Control: no-cache
                                                                                                      2024-10-03 13:21:53 UTC | 1610 | IN | HTTP/1.1 303 See Other
                                                                                                      Content-Type: application/binary
                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                      Pragma: no-cache
                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                      Date: Thu, 03 Oct 2024 13:21:53 GMT
                                                                                                      Location: https://drive.usercontent.google.com/download?id=1OdgW5jXNxO1G0UZ5n_rUYTHivp-qXwoP&export=download
                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                      Content-Security-Policy: script-src 'nonce-fAL1A5F9Gisu7kH2eakqeg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                      Server: ESF
                                                                                                      Content-Length: 0
                                                                                                      X-XSS-Protection: 0
                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                      X-Content-Type-Options: nosniff
                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                      Connection: close


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      1 | 192.168.11.30 | 49805 | 142.250.81.225 | 443 | 6464 | C:\Users\user\Desktop\FACTURA-002297.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      2024-10-03 13:21:53 UTC | 258 | OUT | GET /download?id=1OdgW5jXNxO1G0UZ5n_rUYTHivp-qXwoP&export=download HTTP/1.1
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                      Cache-Control: no-cache
                                                                                                      Host: drive.usercontent.google.com
                                                                                                      Connection: Keep-Alive
                                                                                                      2024-10-03 13:21:55 UTC | 4902 | IN | HTTP/1.1 200 OK
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Content-Security-Policy: sandbox
                                                                                                      Content-Security-Policy: default-src 'none'
                                                                                                      Content-Security-Policy: frame-ancestors 'none'
                                                                                                      X-Content-Security-Policy: sandbox
                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                      Cross-Origin-Embedder-Policy: require-corp
                                                                                                      Cross-Origin-Resource-Policy: same-site
                                                                                                      X-Content-Type-Options: nosniff
                                                                                                      Content-Disposition: attachment; filename="zWFQctiLOcXpxhFMlLstZN119.bin"
                                                                                                      Access-Control-Allow-Origin: *
                                                                                                      Access-Control-Allow-Credentials: false
                                                                                                      Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                                                      Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                                      Accept-Ranges: bytes
                                                                                                      Content-Length: 288320
                                                                                                      Last-Modified: Thu, 03 Oct 2024 10:25:41 GMT
                                                                                                      X-GUploader-UploadID: AD-8ljuH74Gjbz_S3mE1H5xzV-JrA_jg0scWYWdpdkzkyBLzPMcF1mWpWfGo0FlJiZespphLKpM
                                                                                                      Date: Thu, 03 Oct 2024 13:21:55 GMT
                                                                                                      Expires: Thu, 03 Oct 2024 13:21:55 GMT
                                                                                                      Cache-Control: private, max-age=0
                                                                                                      X-Goog-Hash: crc32c=lUSlGA==
                                                                                                      Server: UploadServer
                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                      Connection: close



                                                                                                      Target ID:0
                                                                                                      Start time:09:21:13
                                                                                                      Start date:03/10/2024
                                                                                                      Path:C:\Users\user\Desktop\FACTURA-002297.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Users\user\Desktop\FACTURA-002297.exe"
                                                                                                      Imagebase:0x400000
                                                                                                      File size:569'120 bytes
                                                                                                      MD5 hash:E0CDD543F142A8CB51C02D2229F9602D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.12781637657.000000000332A000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      Reputation:low
                                                                                                      Has exited:true

                                                                                                      Target ID:1
                                                                                                      Start time:09:21:48
                                                                                                      Start date:03/10/2024
                                                                                                      Path:C:\Users\user\Desktop\FACTURA-002297.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Users\user\Desktop\FACTURA-002297.exe"
                                                                                                      Imagebase:0x400000
                                                                                                      File size:569'120 bytes
                                                                                                      MD5 hash:E0CDD543F142A8CB51C02D2229F9602D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.13227651588.0000000032B50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.13227651588.0000000032B50000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                      Reputation:low
                                                                                                      Has exited:true

                                                                                                      Target ID:2
                                                                                                      Start time:09:22:31
                                                                                                      Start date:03/10/2024
                                                                                                      Path:C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                                                                                                      Imagebase:0x140000000
                                                                                                      File size:16'696'840 bytes
                                                                                                      MD5 hash:731FB4B2E5AFBCADAABB80D642E056AC
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:moderate
                                                                                                      Has exited:false

                                                                                                      Target ID:3
                                                                                                      Start time:09:22:32
                                                                                                      Start date:03/10/2024
                                                                                                      Path:C:\Windows\SysWOW64\SecEdit.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Windows\SysWOW64\SecEdit.exe"
                                                                                                      Imagebase:0x610000
                                                                                                      File size:37'888 bytes
                                                                                                      MD5 hash:BFC13856291E4B804D33BBAEFC8CB3B5
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.14765009374.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.14765009374.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.14765099123.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.14765099123.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                      Reputation:moderate
                                                                                                      Has exited:true

                                                                                                      Target ID:4
                                                                                                      Start time:09:25:06
                                                                                                      Start date:03/10/2024
                                                                                                      Path:C:\Windows\explorer.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\Explorer.EXE
                                                                                                      Imagebase:0x7ff7e5c70000
                                                                                                      File size:4'849'904 bytes
                                                                                                      MD5 hash:5EA66FF5AE5612F921BC9DA23BAC95F7
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:false


                                                                                                        Execution Graph

                                                                                                        Execution Coverage:17.3%
                                                                                                        Dynamic/Decrypted Code Coverage:13.2%
                                                                                                        Signature Coverage:19.2%
                                                                                                        Total number of Nodes:1590
                                                                                                        Total number of Limit Nodes:37
RegCloseKey 4452->4448 4453->4449 4453->4450 4453->4452 4455 402d2a 6 API calls 4453->4455 4456 402dc4 RegDeleteKeyW 4454->4456 4457 402da9 4454->4457 4455->4453 4456->4448 4457->4448 5599 405388 5600 405398 5599->5600 5601 4053ac 5599->5601 5602 4053f5 5600->5602 5603 40539e 5600->5603 5604 4053b4 IsWindowVisible 5601->5604 5610 4053cb 5601->5610 5605 4053fa CallWindowProcW 5602->5605 5606 404391 SendMessageW 5603->5606 5604->5602 5607 4053c1 5604->5607 5608 4053a8 5605->5608 5606->5608 5612 404cde SendMessageW 5607->5612 5610->5605 5617 404d5e 5610->5617 5613 404d01 GetMessagePos ScreenToClient SendMessageW 5612->5613 5614 404d3d SendMessageW 5612->5614 5615 404d35 5613->5615 5616 404d3a 5613->5616 5614->5615 5615->5610 5616->5614 5626 4063b0 lstrcpynW 5617->5626 5619 404d71 5627 4062f7 wsprintfW 5619->5627 5621 404d7b 5622 40140b 2 API calls 5621->5622 5623 404d84 5622->5623 5628 4063b0 lstrcpynW 5623->5628 5625 404d8b 5625->5602 5626->5619 5627->5621 5628->5625 4467 403489 SetErrorMode GetVersion 4468 4034c8 4467->4468 4469 4034ce 4467->4469 4470 40678a 5 API calls 4468->4470 4471 40671a 3 API calls 4469->4471 4470->4469 4472 4034e4 lstrlenA 4471->4472 4472->4469 4473 4034f4 4472->4473 4474 40678a 5 API calls 4473->4474 4475 4034fb 4474->4475 4476 40678a 5 API calls 4475->4476 4477 403502 4476->4477 4478 40678a 5 API calls 4477->4478 4479 40350e #17 OleInitialize SHGetFileInfoW 4478->4479 4558 4063b0 lstrcpynW 4479->4558 4482 40355a GetCommandLineW 4559 4063b0 lstrcpynW 4482->4559 4484 40356c GetModuleHandleW 4485 403584 4484->4485 4486 405cae CharNextW 4485->4486 4487 403593 CharNextW 4486->4487 4488 4036bd GetTempPathW 4487->4488 4498 4035ac 4487->4498 4560 403458 4488->4560 4490 4036d5 4491 4036d9 GetWindowsDirectoryW lstrcatW 4490->4491 4492 40372f DeleteFileW 4490->4492 4493 403458 12 API calls 4491->4493 4570 402f14 GetTickCount GetModuleFileNameW 4492->4570 4496 4036f5 4493->4496 4494 405cae CharNextW 4494->4498 4496->4492 4499 4036f9 GetTempPathW 
lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4496->4499 4497 403743 4504 4037e6 4497->4504 4508 405cae CharNextW 4497->4508 4553 4037f6 4497->4553 4498->4494 4501 4036a8 4498->4501 4503 4036a6 4498->4503 4502 403458 12 API calls 4499->4502 4657 4063b0 lstrcpynW 4501->4657 4506 403727 4502->4506 4503->4488 4600 403abe 4504->4600 4506->4492 4506->4553 4521 403762 4508->4521 4510 403930 4513 4039b4 ExitProcess 4510->4513 4514 403938 GetCurrentProcess OpenProcessToken 4510->4514 4511 403810 4669 405a12 4511->4669 4519 403950 LookupPrivilegeValueW AdjustTokenPrivileges 4514->4519 4520 403984 4514->4520 4516 4037c0 4522 405d89 18 API calls 4516->4522 4517 403826 4523 40597d 5 API calls 4517->4523 4519->4520 4524 40678a 5 API calls 4520->4524 4521->4516 4521->4517 4525 4037cc 4522->4525 4526 40382b lstrcatW 4523->4526 4527 40398b 4524->4527 4525->4553 4658 4063b0 lstrcpynW 4525->4658 4528 403847 lstrcatW lstrcmpiW 4526->4528 4529 40383c lstrcatW 4526->4529 4530 4039a0 ExitWindowsEx 4527->4530 4531 4039ad 4527->4531 4533 403863 4528->4533 4528->4553 4529->4528 4530->4513 4530->4531 4675 40140b 4531->4675 4536 403868 4533->4536 4537 40386f 4533->4537 4535 4037db 4659 4063b0 lstrcpynW 4535->4659 4540 4058e3 4 API calls 4536->4540 4538 405960 2 API calls 4537->4538 4541 403874 SetCurrentDirectoryW 4538->4541 4542 40386d 4540->4542 4543 403884 4541->4543 4544 40388f 4541->4544 4542->4541 4673 4063b0 lstrcpynW 4543->4673 4674 4063b0 lstrcpynW 4544->4674 4547 4063d2 17 API calls 4548 4038ce DeleteFileW 4547->4548 4549 4038db CopyFileW 4548->4549 4554 40389d 4548->4554 4549->4554 4550 403924 4551 406176 36 API calls 4550->4551 4551->4553 4552 406176 36 API calls 4552->4554 4660 4039cc 4553->4660 4554->4547 4554->4550 4554->4552 4555 4063d2 17 API calls 4554->4555 4556 405995 2 API calls 4554->4556 4557 40390f CloseHandle 4554->4557 4555->4554 4556->4554 4557->4554 4558->4482 4559->4484 4561 406644 5 API calls 4560->4561 4562 403464 4561->4562 4563 40346e 4562->4563 
4564 405c81 3 API calls 4562->4564 4563->4490 4565 403476 4564->4565 4566 405960 2 API calls 4565->4566 4567 40347c 4566->4567 4678 405ed1 4567->4678 4682 405ea2 GetFileAttributesW CreateFileW 4570->4682 4572 402f57 4599 402f64 4572->4599 4683 4063b0 lstrcpynW 4572->4683 4574 402f7a 4575 405ccd 2 API calls 4574->4575 4576 402f80 4575->4576 4684 4063b0 lstrcpynW 4576->4684 4578 402f8b GetFileSize 4579 40308c 4578->4579 4597 402fa2 4578->4597 4685 402e72 4579->4685 4583 403127 4586 402e72 32 API calls 4583->4586 4584 4030cf GlobalAlloc 4585 4030e6 4584->4585 4590 405ed1 2 API calls 4585->4590 4586->4599 4588 4030b0 4591 40342b ReadFile 4588->4591 4589 402e72 32 API calls 4589->4597 4593 4030f7 CreateFileW 4590->4593 4592 4030bb 4591->4592 4592->4584 4592->4599 4594 403131 4593->4594 4593->4599 4700 403441 SetFilePointer 4594->4700 4596 40313f 4701 4031ba 4596->4701 4597->4579 4597->4583 4597->4589 4597->4599 4716 40342b 4597->4716 4599->4497 4601 40678a 5 API calls 4600->4601 4602 403ad2 4601->4602 4603 403ad8 4602->4603 4604 403aea 4602->4604 4752 4062f7 wsprintfW 4603->4752 4605 40627e 3 API calls 4604->4605 4606 403b1a 4605->4606 4607 403b39 lstrcatW 4606->4607 4609 40627e 3 API calls 4606->4609 4610 403ae8 4607->4610 4609->4607 4744 403d94 4610->4744 4613 405d89 18 API calls 4614 403b6b 4613->4614 4615 403bff 4614->4615 4617 40627e 3 API calls 4614->4617 4616 405d89 18 API calls 4615->4616 4618 403c05 4616->4618 4620 403b9d 4617->4620 4619 403c15 LoadImageW 4618->4619 4621 4063d2 17 API calls 4618->4621 4622 403cbb 4619->4622 4623 403c3c RegisterClassW 4619->4623 4620->4615 4624 403bbe lstrlenW 4620->4624 4627 405cae CharNextW 4620->4627 4621->4619 4626 40140b 2 API calls 4622->4626 4625 403c72 SystemParametersInfoW CreateWindowExW 4623->4625 4656 403cc5 4623->4656 4628 403bf2 4624->4628 4629 403bcc lstrcmpiW 4624->4629 4625->4622 4630 403cc1 4626->4630 4631 403bbb 4627->4631 4633 405c81 3 API calls 4628->4633 4629->4628 4632 403bdc GetFileAttributesW 4629->4632 
4635 403d94 18 API calls 4630->4635 4630->4656 4631->4624 4634 403be8 4632->4634 4636 403bf8 4633->4636 4634->4628 4637 405ccd 2 API calls 4634->4637 4638 403cd2 4635->4638 4753 4063b0 lstrcpynW 4636->4753 4637->4628 4640 403d61 4638->4640 4641 403cde ShowWindow 4638->4641 4754 4054e7 OleInitialize 4640->4754 4643 40671a 3 API calls 4641->4643 4645 403cf6 4643->4645 4644 403d67 4646 403d83 4644->4646 4647 403d6b 4644->4647 4648 403d04 GetClassInfoW 4645->4648 4650 40671a 3 API calls 4645->4650 4649 40140b 2 API calls 4646->4649 4654 40140b 2 API calls 4647->4654 4647->4656 4651 403d18 GetClassInfoW RegisterClassW 4648->4651 4652 403d2e DialogBoxParamW 4648->4652 4649->4656 4650->4648 4651->4652 4653 40140b 2 API calls 4652->4653 4655 403d56 4653->4655 4654->4656 4655->4656 4656->4553 4657->4503 4658->4535 4659->4504 4661 4039e7 4660->4661 4662 4039dd CloseHandle 4660->4662 4663 4039f1 CloseHandle 4661->4663 4664 4039fb 4661->4664 4662->4661 4663->4664 4772 403a29 4664->4772 4667 405abe 67 API calls 4668 4037ff OleUninitialize 4667->4668 4668->4510 4668->4511 4670 405a27 4669->4670 4671 40381e ExitProcess 4670->4671 4672 405a3b MessageBoxIndirectW 4670->4672 4672->4671 4673->4544 4674->4554 4676 401389 2 API calls 4675->4676 4677 401420 4676->4677 4677->4513 4679 405ede GetTickCount GetTempFileNameW 4678->4679 4680 405f14 4679->4680 4681 403487 4679->4681 4680->4679 4680->4681 4681->4490 4682->4572 4683->4574 4684->4578 4686 402e83 4685->4686 4687 402e9b 4685->4687 4688 402e93 4686->4688 4689 402e8c DestroyWindow 4686->4689 4690 402ea3 4687->4690 4691 402eab GetTickCount 4687->4691 4688->4584 4688->4599 4719 403441 SetFilePointer 4688->4719 4689->4688 4693 4067c6 2 API calls 4690->4693 4691->4688 4692 402eb9 4691->4692 4694 402ec1 4692->4694 4695 402eee CreateDialogParamW ShowWindow 4692->4695 4693->4688 4694->4688 4720 402e56 4694->4720 4695->4688 4697 402ecf wsprintfW 4698 405414 24 API calls 4697->4698 4699 402eec 4698->4699 4699->4688 4700->4596 4702 4031e5 
4701->4702 4703 4031c9 SetFilePointer 4701->4703 4723 4032c2 GetTickCount 4702->4723 4703->4702 4706 405f25 ReadFile 4707 403205 4706->4707 4708 4032c2 42 API calls 4707->4708 4715 403282 4707->4715 4709 40321c 4708->4709 4710 403288 ReadFile 4709->4710 4713 40322b 4709->4713 4709->4715 4710->4715 4712 405f25 ReadFile 4712->4713 4713->4712 4714 405f54 WriteFile 4713->4714 4713->4715 4714->4713 4715->4599 4717 405f25 ReadFile 4716->4717 4718 40343e 4717->4718 4718->4597 4719->4588 4721 402e65 4720->4721 4722 402e67 MulDiv 4720->4722 4721->4722 4722->4697 4724 4032f0 4723->4724 4725 40341a 4723->4725 4736 403441 SetFilePointer 4724->4736 4726 402e72 32 API calls 4725->4726 4732 4031ec 4726->4732 4728 4032fb SetFilePointer 4734 403320 4728->4734 4729 40342b ReadFile 4729->4734 4731 402e72 32 API calls 4731->4734 4732->4706 4732->4715 4733 405f54 WriteFile 4733->4734 4734->4729 4734->4731 4734->4732 4734->4733 4735 4033fb SetFilePointer 4734->4735 4737 40690b 4734->4737 4735->4725 4736->4728 4738 406930 4737->4738 4741 406938 4737->4741 4738->4734 4739 4069c8 GlobalAlloc 4739->4738 4739->4741 4740 4069bf GlobalFree 4740->4739 4741->4738 4741->4739 4741->4740 4742 406a36 GlobalFree 4741->4742 4743 406a3f GlobalAlloc 4741->4743 4742->4743 4743->4738 4743->4741 4745 403da8 4744->4745 4761 4062f7 wsprintfW 4745->4761 4747 403e19 4762 403e4d 4747->4762 4749 403b49 4749->4613 4750 403e1e 4750->4749 4751 4063d2 17 API calls 4750->4751 4751->4750 4752->4610 4753->4615 4765 404391 4754->4765 4756 40550a 4760 405531 4756->4760 4768 401389 4756->4768 4757 404391 SendMessageW 4758 405543 OleUninitialize 4757->4758 4758->4644 4760->4757 4761->4747 4763 4063d2 17 API calls 4762->4763 4764 403e5b SetWindowTextW 4763->4764 4764->4750 4766 4043a9 4765->4766 4767 40439a SendMessageW 4765->4767 4766->4756 4767->4766 4770 401390 4768->4770 4769 4013fe 4769->4756 4770->4769 4771 4013cb MulDiv SendMessageW 4770->4771 4771->4770 4773 403a37 4772->4773 4774 403a00 4773->4774 4775 403a3c 
FreeLibrary GlobalFree 4773->4775 4774->4667 4775->4774 4775->4775 4776 401389 4778 401390 4776->4778 4777 4013fe 4778->4777 4779 4013cb MulDiv SendMessageW 4778->4779 4779->4778 5629 40190c 5630 401943 5629->5630 5631 402c37 17 API calls 5630->5631 5632 401948 5631->5632 5633 405abe 67 API calls 5632->5633 5634 401951 5633->5634 5635 401d0e 5636 402c15 17 API calls 5635->5636 5637 401d15 5636->5637 5638 402c15 17 API calls 5637->5638 5639 401d21 GetDlgItem 5638->5639 5640 40258c 5639->5640 5641 1000164f 5642 10001516 GlobalFree 5641->5642 5644 10001667 5642->5644 5643 100016ad GlobalFree 5644->5643 5645 10001682 5644->5645 5646 10001699 VirtualFree 5644->5646 5645->5643 5646->5643 5647 40190f 5648 402c37 17 API calls 5647->5648 5649 401916 5648->5649 5650 405a12 MessageBoxIndirectW 5649->5650 5651 40191f 5650->5651 5652 404d90 GetDlgItem GetDlgItem 5653 404de2 7 API calls 5652->5653 5661 404ffb 5652->5661 5654 404e85 DeleteObject 5653->5654 5655 404e78 SendMessageW 5653->5655 5656 404e8e 5654->5656 5655->5654 5658 404ec5 5656->5658 5660 4063d2 17 API calls 5656->5660 5657 4050df 5659 40518b 5657->5659 5668 405138 SendMessageW 5657->5668 5695 404fee 5657->5695 5662 404345 18 API calls 5658->5662 5664 405195 SendMessageW 5659->5664 5665 40519d 5659->5665 5666 404ea7 SendMessageW SendMessageW 5660->5666 5661->5657 5663 40506c 5661->5663 5671 404cde 5 API calls 5661->5671 5667 404ed9 5662->5667 5663->5657 5670 4050d1 SendMessageW 5663->5670 5664->5665 5676 4051b6 5665->5676 5677 4051af ImageList_Destroy 5665->5677 5688 4051c6 5665->5688 5666->5656 5672 404345 18 API calls 5667->5672 5674 40514d SendMessageW 5668->5674 5668->5695 5669 4043ac 8 API calls 5675 405381 5669->5675 5670->5657 5671->5663 5683 404ee7 5672->5683 5673 405335 5681 405347 ShowWindow GetDlgItem ShowWindow 5673->5681 5673->5695 5679 405160 5674->5679 5680 4051bf GlobalFree 5676->5680 5676->5688 5677->5676 5678 404fbc GetWindowLongW SetWindowLongW 5682 404fd5 5678->5682 5689 405171 SendMessageW 
5679->5689 5680->5688 5681->5695 5684 404ff3 5682->5684 5685 404fdb ShowWindow 5682->5685 5683->5678 5687 404f37 SendMessageW 5683->5687 5690 404fb6 5683->5690 5692 404f73 SendMessageW 5683->5692 5693 404f84 SendMessageW 5683->5693 5704 40437a SendMessageW 5684->5704 5703 40437a SendMessageW 5685->5703 5687->5683 5688->5673 5694 404d5e 4 API calls 5688->5694 5699 405201 5688->5699 5689->5659 5690->5678 5690->5682 5692->5683 5693->5683 5694->5699 5695->5669 5696 40530b InvalidateRect 5696->5673 5697 405321 5696->5697 5705 404c99 5697->5705 5698 40522f SendMessageW 5702 405245 5698->5702 5699->5698 5699->5702 5701 4052b9 SendMessageW SendMessageW 5701->5702 5702->5696 5702->5701 5703->5695 5704->5661 5708 404bd0 5705->5708 5707 404cae 5707->5673 5709 404be9 5708->5709 5710 4063d2 17 API calls 5709->5710 5711 404c4d 5710->5711 5712 4063d2 17 API calls 5711->5712 5713 404c58 5712->5713 5714 4063d2 17 API calls 5713->5714 5715 404c6e lstrlenW wsprintfW SetDlgItemTextW 5714->5715 5715->5707 5716 401491 5717 405414 24 API calls 5716->5717 5718 401498 5717->5718 5719 402592 5720 4025c1 5719->5720 5721 4025a6 5719->5721 5723 4025f5 5720->5723 5724 4025c6 5720->5724 5722 402c15 17 API calls 5721->5722 5729 4025ad 5722->5729 5726 402c37 17 API calls 5723->5726 5725 402c37 17 API calls 5724->5725 5727 4025cd WideCharToMultiByte lstrlenA 5725->5727 5728 4025fc lstrlenW 5726->5728 5727->5729 5728->5729 5731 405f83 5 API calls 5729->5731 5732 40263f 5729->5732 5733 402629 5729->5733 5730 405f54 WriteFile 5730->5732 5731->5733 5733->5730 5733->5732 5734 404493 lstrlenW 5735 4044b2 5734->5735 5736 4044b4 WideCharToMultiByte 5734->5736 5735->5736 5737 404814 5738 404840 5737->5738 5739 404851 5737->5739 5798 4059f6 GetDlgItemTextW 5738->5798 5741 40485d GetDlgItem 5739->5741 5746 4048bc 5739->5746 5743 404871 5741->5743 5742 40484b 5745 406644 5 API calls 5742->5745 5749 404885 SetWindowTextW 5743->5749 5754 405d2c 4 API calls 5743->5754 5744 4049a0 5747 404b4f 5744->5747 5800 
4059f6 GetDlgItemTextW 5744->5800 5745->5739 5746->5744 5746->5747 5751 4063d2 17 API calls 5746->5751 5753 4043ac 8 API calls 5747->5753 5752 404345 18 API calls 5749->5752 5750 4049d0 5755 405d89 18 API calls 5750->5755 5756 404930 SHBrowseForFolderW 5751->5756 5757 4048a1 5752->5757 5758 404b63 5753->5758 5759 40487b 5754->5759 5760 4049d6 5755->5760 5756->5744 5761 404948 CoTaskMemFree 5756->5761 5762 404345 18 API calls 5757->5762 5759->5749 5763 405c81 3 API calls 5759->5763 5801 4063b0 lstrcpynW 5760->5801 5764 405c81 3 API calls 5761->5764 5765 4048af 5762->5765 5763->5749 5766 404955 5764->5766 5799 40437a SendMessageW 5765->5799 5769 40498c SetDlgItemTextW 5766->5769 5774 4063d2 17 API calls 5766->5774 5769->5744 5770 4048b5 5772 40678a 5 API calls 5770->5772 5771 4049ed 5773 40678a 5 API calls 5771->5773 5772->5746 5781 4049f4 5773->5781 5775 404974 lstrcmpiW 5774->5775 5775->5769 5778 404985 lstrcatW 5775->5778 5776 404a35 5802 4063b0 lstrcpynW 5776->5802 5778->5769 5779 404a3c 5780 405d2c 4 API calls 5779->5780 5782 404a42 GetDiskFreeSpaceW 5780->5782 5781->5776 5784 405ccd 2 API calls 5781->5784 5786 404a8d 5781->5786 5785 404a66 MulDiv 5782->5785 5782->5786 5784->5781 5785->5786 5787 404afe 5786->5787 5788 404c99 20 API calls 5786->5788 5789 404b21 5787->5789 5790 40140b 2 API calls 5787->5790 5791 404aeb 5788->5791 5803 404367 EnableWindow 5789->5803 5790->5789 5793 404b00 SetDlgItemTextW 5791->5793 5794 404af0 5791->5794 5793->5787 5796 404bd0 20 API calls 5794->5796 5795 404b3d 5795->5747 5797 40476d SendMessageW 5795->5797 5796->5787 5797->5747 5798->5742 5799->5770 5800->5750 5801->5771 5802->5779 5803->5795 5804 10001058 5806 10001074 5804->5806 5805 100010dd 5806->5805 5807 10001516 GlobalFree 5806->5807 5808 10001092 5806->5808 5807->5808 5809 10001516 GlobalFree 5808->5809 5810 100010a2 5809->5810 5811 100010b2 5810->5811 5812 100010a9 GlobalSize 5810->5812 5813 100010b6 GlobalAlloc 5811->5813 5814 100010c7 5811->5814 5812->5811 5815 
1000153d 3 API calls 5813->5815 5816 100010d2 GlobalFree 5814->5816 5815->5814 5816->5805 5817 401c19 5818 402c15 17 API calls 5817->5818 5819 401c20 5818->5819 5820 402c15 17 API calls 5819->5820 5821 401c2d 5820->5821 5822 402c37 17 API calls 5821->5822 5824 401c42 5821->5824 5822->5824 5823 401c52 5826 401ca9 5823->5826 5827 401c5d 5823->5827 5824->5823 5825 402c37 17 API calls 5824->5825 5825->5823 5828 402c37 17 API calls 5826->5828 5829 402c15 17 API calls 5827->5829 5830 401cae 5828->5830 5831 401c62 5829->5831 5832 402c37 17 API calls 5830->5832 5833 402c15 17 API calls 5831->5833 5834 401cb7 FindWindowExW 5832->5834 5835 401c6e 5833->5835 5838 401cd9 5834->5838 5836 401c99 SendMessageW 5835->5836 5837 401c7b SendMessageTimeoutW 5835->5837 5836->5838 5837->5838 5839 402a9a SendMessageW 5840 402ab4 InvalidateRect 5839->5840 5841 402abf 5839->5841 5840->5841 5842 40281b 5843 402821 5842->5843 5844 402829 FindClose 5843->5844 5845 402abf 5843->5845 5844->5845 5846 40149e 5847 4022f1 5846->5847 5848 4014ac PostQuitMessage 5846->5848 5848->5847 5856 100010e1 5859 10001111 5856->5859 5857 100011d8 GlobalFree 5858 100012ba 2 API calls 5858->5859 5859->5857 5859->5858 5860 100011d3 5859->5860 5861 10001272 2 API calls 5859->5861 5862 10001164 GlobalAlloc 5859->5862 5863 100011f8 GlobalFree 5859->5863 5864 100011c4 GlobalFree 5859->5864 5865 100012e1 lstrcpyW 5859->5865 5860->5857 5861->5864 5862->5859 5863->5859 5864->5859 5865->5859 5866 4029a2 5867 402c15 17 API calls 5866->5867 5868 4029a8 5867->5868 5869 4029e8 5868->5869 5870 4029cf 5868->5870 5877 402885 5868->5877 5872 402a02 5869->5872 5873 4029f2 5869->5873 5871 4029d4 5870->5871 5879 4029e5 5870->5879 5880 4063b0 lstrcpynW 5871->5880 5875 4063d2 17 API calls 5872->5875 5874 402c15 17 API calls 5873->5874 5874->5879 5875->5879 5879->5877 5881 4062f7 wsprintfW 5879->5881 5880->5877 5881->5877 4386 4015a3 4387 402c37 17 API calls 4386->4387 4388 4015aa SetFileAttributesW 4387->4388 4389 4015bc 4388->4389 
5882 4028a7 5883 402c37 17 API calls 5882->5883 5884 4028b5 5883->5884 5885 4028cb 5884->5885 5886 402c37 17 API calls 5884->5886 5887 405e7d 2 API calls 5885->5887 5886->5885 5888 4028d1 5887->5888 5910 405ea2 GetFileAttributesW CreateFileW 5888->5910 5890 4028de 5891 402981 5890->5891 5892 4028ea GlobalAlloc 5890->5892 5895 402989 DeleteFileW 5891->5895 5896 40299c 5891->5896 5893 402903 5892->5893 5894 402978 CloseHandle 5892->5894 5911 403441 SetFilePointer 5893->5911 5894->5891 5895->5896 5898 402909 5899 40342b ReadFile 5898->5899 5900 402912 GlobalAlloc 5899->5900 5901 402922 5900->5901 5902 402956 5900->5902 5904 4031ba 44 API calls 5901->5904 5903 405f54 WriteFile 5902->5903 5905 402962 GlobalFree 5903->5905 5909 40292f 5904->5909 5906 4031ba 44 API calls 5905->5906 5907 402975 5906->5907 5907->5894 5908 40294d GlobalFree 5908->5902 5909->5908 5910->5890 5911->5898 4780 40202c 4781 4020f0 4780->4781 4782 40203e 4780->4782 4784 401423 24 API calls 4781->4784 4783 402c37 17 API calls 4782->4783 4785 402045 4783->4785 4791 40224a 4784->4791 4786 402c37 17 API calls 4785->4786 4787 40204e 4786->4787 4788 402064 LoadLibraryExW 4787->4788 4789 402056 GetModuleHandleW 4787->4789 4788->4781 4790 402075 4788->4790 4789->4788 4789->4790 4803 4067f9 WideCharToMultiByte 4790->4803 4794 402086 4797 4020a5 4794->4797 4798 40208e 4794->4798 4795 4020bf 4796 405414 24 API calls 4795->4796 4799 402096 4796->4799 4806 10001759 4797->4806 4800 401423 24 API calls 4798->4800 4799->4791 4801 4020e2 FreeLibrary 4799->4801 4800->4799 4801->4791 4804 406823 GetProcAddress 4803->4804 4805 402080 4803->4805 4804->4805 4805->4794 4805->4795 4807 10001789 4806->4807 4848 10001b18 4807->4848 4809 10001790 4810 100018a6 4809->4810 4811 100017a1 4809->4811 4812 100017a8 4809->4812 4810->4799 4896 10002286 4811->4896 4880 100022d0 4812->4880 4817 1000180c 4823 10001812 4817->4823 4824 1000184e 4817->4824 4818 100017ee 4909 100024a4 4818->4909 4819 100017d7 4833 100017cd 4819->4833 4906 
10002b57 4819->4906 4820 100017be 4822 100017c4 4820->4822 4828 100017cf 4820->4828 4822->4833 4890 1000289c 4822->4890 4830 100015b4 3 API calls 4823->4830 4826 100024a4 10 API calls 4824->4826 4831 10001840 4826->4831 4827 100017f4 4920 100015b4 4827->4920 4900 10002640 4828->4900 4835 10001828 4830->4835 4847 10001895 4831->4847 4931 10002467 4831->4931 4833->4817 4833->4818 4838 100024a4 10 API calls 4835->4838 4837 100017d5 4837->4833 4838->4831 4840 1000189f GlobalFree 4840->4810 4844 10001881 4844->4847 4935 1000153d wsprintfW 4844->4935 4845 1000187a FreeLibrary 4845->4844 4847->4810 4847->4840 4938 1000121b GlobalAlloc 4848->4938 4850 10001b3c 4939 1000121b GlobalAlloc 4850->4939 4852 10001d7a GlobalFree GlobalFree GlobalFree 4853 10001d97 4852->4853 4859 10001de1 4852->4859 4855 10001dac 4853->4855 4856 100020ee 4853->4856 4853->4859 4854 10001b47 4854->4852 4857 10001c1d GlobalAlloc 4854->4857 4854->4859 4862 10001c68 lstrcpyW 4854->4862 4863 10001c86 GlobalFree 4854->4863 4865 10001c72 lstrcpyW 4854->4865 4870 10002048 4854->4870 4874 10001cc4 4854->4874 4875 10001f37 GlobalFree 4854->4875 4878 1000122c 2 API calls 4854->4878 4945 1000121b GlobalAlloc 4854->4945 4855->4859 4942 1000122c 4855->4942 4858 10002110 GetModuleHandleW 4856->4858 4856->4859 4857->4854 4860 10002121 LoadLibraryW 4858->4860 4861 10002136 4858->4861 4859->4809 4860->4859 4860->4861 4946 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4861->4946 4862->4865 4863->4854 4865->4854 4866 10002148 4867 10002188 4866->4867 4879 10002172 GetProcAddress 4866->4879 4867->4859 4868 10002195 lstrlenW 4867->4868 4947 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4868->4947 4870->4859 4873 10002090 lstrcpyW 4870->4873 4873->4859 4874->4854 4940 1000158f GlobalSize GlobalAlloc 4874->4940 4875->4854 4876 100021af 4876->4859 4878->4854 4879->4867 4887 100022e8 4880->4887 4881 1000122c GlobalAlloc lstrcpynW 4881->4887 
4883 10002410 GlobalFree 4884 100017ae 4883->4884 4883->4887 4884->4819 4884->4820 4884->4833 4885 100023ba GlobalAlloc CLSIDFromString 4885->4883 4886 1000238f GlobalAlloc WideCharToMultiByte 4886->4883 4887->4881 4887->4883 4887->4885 4887->4886 4889 100023d9 4887->4889 4949 100012ba 4887->4949 4889->4883 4953 100025d4 4889->4953 4892 100028ae 4890->4892 4891 10002953 VirtualAllocEx 4893 10002971 4891->4893 4892->4891 4894 10002a62 GetLastError 4893->4894 4895 10002a6d 4893->4895 4894->4895 4895->4833 4897 10002296 4896->4897 4898 100017a7 4896->4898 4897->4898 4899 100022a8 GlobalAlloc 4897->4899 4898->4812 4899->4897 4904 1000265c 4900->4904 4901 100026c0 4903 100026c5 GlobalSize 4901->4903 4905 100026cf 4901->4905 4902 100026ad GlobalAlloc 4902->4905 4903->4905 4904->4901 4904->4902 4905->4837 4908 10002b62 4906->4908 4907 10002ba2 GlobalFree 4908->4907 4956 1000121b GlobalAlloc 4909->4956 4911 10002506 MultiByteToWideChar 4916 100024ae 4911->4916 4912 1000252b StringFromGUID2 4912->4916 4913 1000253c lstrcpynW 4913->4916 4914 1000256c GlobalFree 4914->4916 4915 1000254f wsprintfW 4915->4916 4916->4911 4916->4912 4916->4913 4916->4914 4916->4915 4917 100025a7 GlobalFree 4916->4917 4918 10001272 2 API calls 4916->4918 4957 100012e1 4916->4957 4917->4827 4918->4916 4961 1000121b GlobalAlloc 4920->4961 4922 100015ba 4923 100015c7 lstrcpyW 4922->4923 4925 100015e1 4922->4925 4926 100015fb 4923->4926 4925->4926 4927 100015e6 wsprintfW 4925->4927 4928 10001272 4926->4928 4927->4926 4929 100012b5 GlobalFree 4928->4929 4930 1000127b GlobalAlloc lstrcpynW 4928->4930 4929->4831 4930->4929 4932 10002475 4931->4932 4934 10001861 4931->4934 4933 10002491 GlobalFree 4932->4933 4932->4934 4933->4932 4934->4844 4934->4845 4936 10001272 2 API calls 4935->4936 4937 1000155e 4936->4937 4937->4847 4938->4850 4939->4854 4941 100015ad 4940->4941 4941->4874 4948 1000121b GlobalAlloc 4942->4948 4944 1000123b lstrcpynW 4944->4859 4945->4854 4946->4866 4947->4876 4948->4944 4950 
100012c1 4949->4950 4951 1000122c 2 API calls 4950->4951 4952 100012df 4951->4952 4952->4887 4954 100025e2 VirtualAlloc 4953->4954 4955 10002638 4953->4955 4954->4955 4955->4889 4956->4916 4958 100012ea 4957->4958 4959 1000130c 4957->4959 4958->4959 4960 100012f0 lstrcpyW 4958->4960 4959->4916 4960->4959 4961->4922 5919 402a2f 5920 402c15 17 API calls 5919->5920 5921 402a35 5920->5921 5922 402a6c 5921->5922 5923 402885 5921->5923 5925 402a47 5921->5925 5922->5923 5924 4063d2 17 API calls 5922->5924 5924->5923 5925->5923 5927 4062f7 wsprintfW 5925->5927 5927->5923 5928 401a30 5929 402c37 17 API calls 5928->5929 5930 401a39 ExpandEnvironmentStringsW 5929->5930 5931 401a4d 5930->5931 5933 401a60 5930->5933 5932 401a52 lstrcmpW 5931->5932 5931->5933 5932->5933 5939 401db3 GetDC 5940 402c15 17 API calls 5939->5940 5941 401dc5 GetDeviceCaps MulDiv ReleaseDC 5940->5941 5942 402c15 17 API calls 5941->5942 5943 401df6 5942->5943 5944 4063d2 17 API calls 5943->5944 5945 401e33 CreateFontIndirectW 5944->5945 5946 40258c 5945->5946 5947 402835 5948 40283d 5947->5948 5949 402841 FindNextFileW 5948->5949 5950 402853 5948->5950 5949->5950 5951 4029e0 5950->5951 5953 4063b0 lstrcpynW 5950->5953 5953->5951 5954 401735 5955 402c37 17 API calls 5954->5955 5956 40173c SearchPathW 5955->5956 5957 4029e0 5956->5957 5958 401757 5956->5958 5958->5957 5960 4063b0 lstrcpynW 5958->5960 5960->5957 5961 10002a77 5962 10002a8f 5961->5962 5963 1000158f 2 API calls 5962->5963 5964 10002aaa 5963->5964 5965 4014b8 5966 4014be 5965->5966 5967 401389 2 API calls 5966->5967 5968 4014c6 5967->5968 5969 406aba 5973 40693e 5969->5973 5970 4072a9 5971 4069c8 GlobalAlloc 5971->5970 5971->5973 5972 4069bf GlobalFree 5972->5971 5973->5970 5973->5971 5973->5972 5974 406a36 GlobalFree 5973->5974 5975 406a3f GlobalAlloc 5973->5975 5974->5975 5975->5970 5975->5973

Control-flow Graph

[Graph not reproduced. Legend: Executed, Not Executed]
                                                                                                        APIs
                                                                                                        • SetErrorMode.KERNELBASE ref: 004034AC
                                                                                                        • GetVersion.KERNEL32 ref: 004034B2
                                                                                                        • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034E5
                                                                                                        • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403522
                                                                                                        • OleInitialize.OLE32(00000000), ref: 00403529
                                                                                                        • SHGetFileInfoW.SHELL32(004216E8,00000000,?,000002B4,00000000), ref: 00403545
                                                                                                        • GetCommandLineW.KERNEL32(00429240,NSIS Error,?,00000006,00000008,0000000A), ref: 0040355A
                                                                                                        • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\FACTURA-002297.exe",00000000,?,00000006,00000008,0000000A), ref: 0040356D
                                                                                                        • CharNextW.USER32(00000000,"C:\Users\user\Desktop\FACTURA-002297.exe",00000020,?,00000006,00000008,0000000A), ref: 00403594
                                                                                                          • Part of subcall function 0040678A: GetModuleHandleA.KERNEL32(?,00000020,?,004034FB,0000000A), ref: 0040679C
                                                                                                          • Part of subcall function 0040678A: GetProcAddress.KERNEL32(00000000,?), ref: 004067B7
                                                                                                        • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004036CE
                                                                                                        • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 004036DF
                                                                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004036EB
                                                                                                        • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004036FF
                                                                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 00403707
                                                                                                        • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 00403718
                                                                                                        • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403720
                                                                                                        • DeleteFileW.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 00403734
                                                                                                          • Part of subcall function 004063B0: lstrcpynW.KERNEL32(?,?,00000400,0040355A,00429240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063BD
                                                                                                        • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 004037FF
                                                                                                        • ExitProcess.KERNEL32 ref: 00403820
                                                                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\FACTURA-002297.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403833
                                                                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\FACTURA-002297.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403842
                                                                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\FACTURA-002297.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 0040384D
                                                                                                        • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\FACTURA-002297.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403859
                                                                                                        • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403875
                                                                                                        • DeleteFileW.KERNEL32(00420EE8,00420EE8,?,0042B000,00000008,?,00000006,00000008,0000000A), ref: 004038CF
                                                                                                        • CopyFileW.KERNEL32(C:\Users\user\Desktop\FACTURA-002297.exe,00420EE8,00000001,?,00000006,00000008,0000000A), ref: 004038E3
                                                                                                        • CloseHandle.KERNEL32(00000000,00420EE8,00420EE8,?,00420EE8,00000000,?,00000006,00000008,0000000A), ref: 00403910
                                                                                                        • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 0040393F
                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00403946
                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040395B
                                                                                                        • AdjustTokenPrivileges.ADVAPI32 ref: 0040397E
                                                                                                        • ExitWindowsEx.USER32(00000002,80040002), ref: 004039A3
                                                                                                        • ExitProcess.KERNEL32 ref: 004039C6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                        • String ID: "C:\Users\user\Desktop\FACTURA-002297.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet$C:\Users\user\Desktop$C:\Users\user\Desktop\FACTURA-002297.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                        • API String ID: 2488574733-703407013
                                                                                                        APIs
                                                                                                          • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                                        • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 10001C24
                                                                                                        • lstrcpyW.KERNEL32(00000008,?), ref: 10001C6C
                                                                                                        • lstrcpyW.KERNEL32(00000808,?), ref: 10001C76
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 10001C89
                                                                                                        • GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                                        • GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                                        • GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 10001F38
                                                                                                        • lstrcpyW.KERNEL32(?,?), ref: 1000209C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12785365661.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_10000000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Global$Free$lstrcpy$Alloc
                                                                                                        • String ID:
                                                                                                        • API String ID: 4227406936-0

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,76C12EE0,00000000), ref: 00405AE7
                                                                                                        • lstrcatW.KERNEL32(00425730,\*.*,00425730,?,?,C:\Users\user\AppData\Local\Temp\,76C12EE0,00000000), ref: 00405B2F
                                                                                                        • lstrcatW.KERNEL32(?,0040A014,?,00425730,?,?,C:\Users\user\AppData\Local\Temp\,76C12EE0,00000000), ref: 00405B52
                                                                                                        • lstrlenW.KERNEL32(?,?,0040A014,?,00425730,?,?,C:\Users\user\AppData\Local\Temp\,76C12EE0,00000000), ref: 00405B58
                                                                                                        • FindFirstFileW.KERNEL32(00425730,?,?,?,0040A014,?,00425730,?,?,C:\Users\user\AppData\Local\Temp\,76C12EE0,00000000), ref: 00405B68
                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405C08
                                                                                                        • FindClose.KERNEL32(00000000), ref: 00405C17
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                        • String ID: "C:\Users\user\Desktop\FACTURA-002297.exe"$0WB$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                        • API String ID: 2035342205-1864036170

                                                                                                        Control-flow Graph

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        APIs
                                                                                                        • FindFirstFileW.KERNELBASE(?,00426778,00425F30,00405DD2,00425F30,00425F30,00000000,00425F30,00425F30,?,?,76C12EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,76C12EE0), ref: 004066FE
                                                                                                        • FindClose.KERNELBASE(00000000), ref: 0040670A
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                        • String ID: xgB
                                                                                                        • API String ID: 2295610775-399326502

                                                                                                        Control-flow Graph for function at 00403ABE
                                                                                                        APIs
                                                                                                          • Part of subcall function 0040678A: GetModuleHandleA.KERNEL32(?,00000020,?,004034FB,0000000A), ref: 0040679C
                                                                                                          • Part of subcall function 0040678A: GetProcAddress.KERNEL32(00000000,?), ref: 004067B7
                                                                                                        • lstrcatW.KERNEL32(1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000,00000002,C:\Users\user\AppData\Local\Temp\,76C13420,"C:\Users\user\Desktop\FACTURA-002297.exe",00000000), ref: 00403B3F
                                                                                                        • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet,1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403BBF
                                                                                                        • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet,1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000), ref: 00403BD2
                                                                                                        • GetFileAttributesW.KERNEL32(Call), ref: 00403BDD
                                                                                                        • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet), ref: 00403C26
                                                                                                          • Part of subcall function 004062F7: wsprintfW.USER32 ref: 00406304
                                                                                                        • RegisterClassW.USER32(004291E0), ref: 00403C63
                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403C7B
                                                                                                        • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403CB0
                                                                                                        • ShowWindow.USER32(00000005,00000000), ref: 00403CE6
                                                                                                        • GetClassInfoW.USER32(00000000,RichEdit20W,004291E0), ref: 00403D12
                                                                                                        • GetClassInfoW.USER32(00000000,RichEdit,004291E0), ref: 00403D1F
                                                                                                        • RegisterClassW.USER32(004291E0), ref: 00403D28
                                                                                                        • DialogBoxParamW.USER32(?,00000000,00403E6C,00000000), ref: 00403D47
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                        • String ID: "C:\Users\user\Desktop\FACTURA-002297.exe"$(7B$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                        • API String ID: 1975747703-1653044582

                                                                                                        Control-flow Graph for function at 00402F14
                                                                                                        APIs
                                                                                                        • GetTickCount.KERNEL32 ref: 00402F28
                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\FACTURA-002297.exe,00000400), ref: 00402F44
                                                                                                          • Part of subcall function 00405EA2: GetFileAttributesW.KERNELBASE(00000003,00402F57,C:\Users\user\Desktop\FACTURA-002297.exe,80000000,00000003), ref: 00405EA6
                                                                                                          • Part of subcall function 00405EA2: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405EC8
                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\FACTURA-002297.exe,C:\Users\user\Desktop\FACTURA-002297.exe,80000000,00000003), ref: 00402F8D
                                                                                                        • GlobalAlloc.KERNELBASE(00000040,0040A230), ref: 004030D4
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                        • String ID: "C:\Users\user\Desktop\FACTURA-002297.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\FACTURA-002297.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                        • API String ID: 2803837635-1603281862

                                                                                                        Control-flow Graph for function at 004063D2
                                                                                                        APIs
                                                                                                        • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406513
                                                                                                        • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,00422708,?,0040544B,00422708,00000000), ref: 00406526
                                                                                                        • SHGetSpecialFolderLocation.SHELL32(0040544B,00000000,00000000,00422708,?,0040544B,00422708,00000000), ref: 00406562
                                                                                                        • SHGetPathFromIDListW.SHELL32(00000000,Call), ref: 00406570
                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 0040657B
                                                                                                        • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004065A1
                                                                                                        • lstrlenW.KERNEL32(Call,00000000,00422708,?,0040544B,00422708,00000000), ref: 004065F9
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                        • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                        • API String ID: 717251189-1230650788

                                                                                                        Control-flow Graph for function at 0040176F
                                                                                                        APIs
                                                                                                        • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet,?,?,00000031), ref: 004017B0
                                                                                                        • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet,?,?,00000031), ref: 004017D5
                                                                                                          • Part of subcall function 004063B0: lstrcpynW.KERNEL32(?,?,00000400,0040355A,00429240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063BD
                                                                                                          • Part of subcall function 00405414: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
                                                                                                          • Part of subcall function 00405414: lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
                                                                                                          • Part of subcall function 00405414: lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
                                                                                                          • Part of subcall function 00405414: SetWindowTextW.USER32(00422708,00422708), ref: 00405481
                                                                                                          • Part of subcall function 00405414: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
                                                                                                          • Part of subcall function 00405414: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
                                                                                                          • Part of subcall function 00405414: SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsqD01E.tmp$C:\Users\user\AppData\Local\Temp\nsqD01E.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet$Call

                                                                                                        APIs
                                                                                                        • ReadFile.KERNELBASE(?,?,?,?), ref: 004026B0
                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026EB
                                                                                                        • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 0040270E
                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 00402724
                                                                                                          • Part of subcall function 00405F83: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405F99
                                                                                                        • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D0
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                        • String ID: 9

                                                                                                        APIs
                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406731
                                                                                                        • wsprintfW.USER32 ref: 0040676C
                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406780
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                        • String ID: %s%S.dll$UXTHEME$\

                                                                                                        APIs
                                                                                                        • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405926
                                                                                                        • GetLastError.KERNEL32 ref: 0040593A
                                                                                                        • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040594F
                                                                                                        • GetLastError.KERNEL32 ref: 00405959
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                        • String ID: C:\Users\user\Desktop

                                                                                                        APIs
                                                                                                        • GetTickCount.KERNEL32 ref: 00405EEF
                                                                                                        • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\FACTURA-002297.exe",00403487,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76C13420,004036D5), ref: 00405F0A
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: CountFileNameTempTick
                                                                                                        • String ID: "C:\Users\user\Desktop\FACTURA-002297.exe"$C:\Users\user\AppData\Local\Temp\$nsa

                                                                                                        APIs
                                                                                                          • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                                          • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                                          • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                                                        • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 100018A0
                                                                                                          • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,8BC3C95B), ref: 100022B8
                                                                                                          • Part of subcall function 10002640: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B2
                                                                                                          • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020,00000000,10001731,00000000), ref: 100015CD
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12785365661.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_10000000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                                                        • String ID:
                                                                                                        • API String ID: 1791698881-3916222277

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 799 4023de-40240f call 402c37 * 2 call 402cc7 806 402415-40241f 799->806 807 402abf-402ace 799->807 809 402421-40242e call 402c37 lstrlenW 806->809 810 402432-402435 806->810 809->810 811 402437-402448 call 402c15 810->811 812 402449-40244c 810->812 811->812 816 40245d-402471 RegSetValueExW 812->816 817 40244e-402458 call 4031ba 812->817 821 402473 816->821 822 402476-402557 RegCloseKey 816->822 817->816 821->822 822->807 824 402885-40288c 822->824 824->807
                                                                                                        APIs
                                                                                                        • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsqD01E.tmp,00000023,00000011,00000002), ref: 00402429
                                                                                                        • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsqD01E.tmp,00000000,00000011,00000002), ref: 00402469
                                                                                                        • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsqD01E.tmp,00000000,00000011,00000002), ref: 00402551
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseValuelstrlen
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsqD01E.tmp
                                                                                                        • API String ID: 2655323295-684816070

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 825 402d2a-402d53 call 40621d 827 402d58-402d5a 825->827 828 402dd0-402dd4 827->828 829 402d5c-402d62 827->829 830 402d7e-402d93 RegEnumKeyW 829->830 831 402d64-402d66 830->831 832 402d95-402da7 RegCloseKey call 40678a 830->832 834 402db6-402dc2 RegCloseKey 831->834 835 402d68-402d7c call 402d2a 831->835 839 402dc4-402dca RegDeleteKeyW 832->839 840 402da9-402db4 832->840 834->828 835->830 835->832 839->828 840->828
                                                                                                        APIs
                                                                                                        • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402D8F
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00402D98
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00402DB9
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Close$Enum
                                                                                                        • String ID:
                                                                                                        • API String ID: 464197530-0

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 926 4015c1-4015d5 call 402c37 call 405d2c 931 401631-401634 926->931 932 4015d7-4015ea call 405cae 926->932 934 401663-40224a call 401423 931->934 935 401636-401655 call 401423 call 4063b0 SetCurrentDirectoryW 931->935 939 401604-401607 call 405960 932->939 940 4015ec-4015ef 932->940 949 402885-40288c 934->949 950 402abf-402ace 934->950 935->950 955 40165b-40165e 935->955 951 40160c-40160e 939->951 940->939 943 4015f1-4015f8 call 40597d 940->943 943->939 959 4015fa-4015fd call 4058e3 943->959 949->950 952 401610-401615 951->952 953 401627-40162f 951->953 957 401624 952->957 958 401617-401622 GetFileAttributesW 952->958 953->931 953->932 955->950 957->953 958->953 958->957 962 401602 959->962 962->951
                                                                                                        APIs
                                                                                                          • Part of subcall function 00405D2C: CharNextW.USER32(?,?,00425F30,?,00405DA0,00425F30,00425F30,?,?,76C12EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,76C12EE0,00000000), ref: 00405D3A
                                                                                                          • Part of subcall function 00405D2C: CharNextW.USER32(00000000), ref: 00405D3F
                                                                                                          • Part of subcall function 00405D2C: CharNextW.USER32(00000000), ref: 00405D57
                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                          • Part of subcall function 004058E3: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405926
                                                                                                        • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet,?,00000000,000000F0), ref: 0040164D
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet, xrefs: 00401640
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                        • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet
                                                                                                        • API String ID: 1892508949-2667514213
                                                                                                        APIs
                                                                                                        • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 004059BE
                                                                                                        • CloseHandle.KERNEL32(?), ref: 004059CB
                                                                                                        Strings
                                                                                                        • Error launching installer, xrefs: 004059A8
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseCreateHandleProcess
                                                                                                        • String ID: Error launching installer
                                                                                                        • API String ID: 3712363035-66219284
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.12779552187.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779612001.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779867343.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 36b8550c79165f3bd8438b4b7b77fc639822643401bcc62ffa2a7152ccecd571
                                                                                                        • Instruction ID: 6e186065c07e551db02da0b657444ed8a40fac9cbefa0218a87430385e41b7b0
                                                                                                        • Opcode Fuzzy Hash: 36b8550c79165f3bd8438b4b7b77fc639822643401bcc62ffa2a7152ccecd571
                                                                                                        • Instruction Fuzzy Hash: F7814571E04228CFDF24CFA8C8447ADBBB1FB45305F24816AD856BB281C778A996DF45
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.12779552187.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779612001.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779867343.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: fd90919654d861d793b9259fd4ddd35531221e69384e43b7f209bc021a7cca94
                                                                                                        • Instruction ID: 1a645af2666a8cd9619cdf871bd9e2c738fb6a6c353dc56c4864b2e7a25bf22b
                                                                                                        • Opcode Fuzzy Hash: fd90919654d861d793b9259fd4ddd35531221e69384e43b7f209bc021a7cca94
                                                                                                        • Instruction Fuzzy Hash: 71816771E04228DBEF28CFA8C8447ADBBB1FB44301F14816AD956BB2C1C7786986DF45
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.12779552187.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779612001.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779867343.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7afd307a57d874939e6d1f07c4a81c11abd2b71d61e18d684fba0f23c35f734a
                                                                                                        • Instruction ID: b0583babc1dad824d13d86abae56a1a356e3ceb45be48e511182641c275db258
                                                                                                        • Opcode Fuzzy Hash: 7afd307a57d874939e6d1f07c4a81c11abd2b71d61e18d684fba0f23c35f734a
                                                                                                        • Instruction Fuzzy Hash: 8C712471E04228CFDF28CFA8C9447ADBBB1FB44305F15806AD856BB281D7386996DF45
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.12779552187.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779612001.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779867343.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c52b64c4cba7ecf1fb5e1bb59396999cb3f4df188a1ab73f316032be63138ba7
                                                                                                        • Instruction ID: 968097f9e37e498ed83c4652799cdf8e1ebeb5c7fee57b8dc09d96684c556b9e
                                                                                                        • Opcode Fuzzy Hash: c52b64c4cba7ecf1fb5e1bb59396999cb3f4df188a1ab73f316032be63138ba7
                                                                                                        • Instruction Fuzzy Hash: 27712471E04228CFDF28CFA8C854BADBBB1FB44305F15806AD856BB281C7786996DF45
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.12779552187.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779612001.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779646796.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                        • Associated: 00000000.00000002.12779867343.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c741c7bc90f3712fe41ea972859e43f39dd565e03f7b0e7aa23f6ef9dcbd7f18
                                                                                                        • Instruction ID: 737cb098acab11621bc79b115fd6dc57f162d32c21417d2b0fd17844244e9397
                                                                                                        • Opcode Fuzzy Hash: c741c7bc90f3712fe41ea972859e43f39dd565e03f7b0e7aa23f6ef9dcbd7f18
                                                                                                        • Instruction Fuzzy Hash: 5A714571E04228CFEF28CF98C8447ADBBB1FB44305F14806AD956BB281C778A996DF45
                                                                                                        APIs
                                                                                                        • GetTickCount.KERNEL32 ref: 004032D6
                                                                                                          • Part of subcall function 00403441: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040313F,?), ref: 0040344F
                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004031EC,00000004,00000000,00000000,?,?,00403166,000000FF,00000000,00000000,0040A230,?), ref: 00403309
                                                                                                        • SetFilePointer.KERNELBASE(00147DA5,00000000,00000000,00414ED0,00004000,?,00000000,004031EC,00000004,00000000,00000000,?,?,00403166,000000FF,00000000), ref: 00403404
                                                                                                        Similarity
                                                                                                        • API ID: FilePointer$CountTick
                                                                                                        • String ID:
                                                                                                        • API String ID: 1092082344-0
                                                                                                        • Opcode ID: 63f894617870b8b9b6b4d0f35ad55c68ae2789ba15d09fbc75adc17a06edb544
                                                                                                        • Instruction ID: 8a5bf560653b24f1bd3cd60389d49066fb51751ebaffca469d7b7cf87711dc5f
                                                                                                        • Opcode Fuzzy Hash: 63f894617870b8b9b6b4d0f35ad55c68ae2789ba15d09fbc75adc17a06edb544
                                                                                                        • Instruction Fuzzy Hash: 10316C72610211DBD711DF29EEC49A63BA9F78439A714823FE900B62E0CBB95D058B9D
                                                                                                        APIs
                                                                                                        • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402057
                                                                                                          • Part of subcall function 00405414: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
                                                                                                          • Part of subcall function 00405414: lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
                                                                                                          • Part of subcall function 00405414: lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
                                                                                                          • Part of subcall function 00405414: SetWindowTextW.USER32(00422708,00422708), ref: 00405481
                                                                                                          • Part of subcall function 00405414: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
                                                                                                          • Part of subcall function 00405414: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
                                                                                                          • Part of subcall function 00405414: SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
                                                                                                        • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402068
                                                                                                        • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 004020E5
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                        • String ID:
                                                                                                        • API String ID: 334405425-0
                                                                                                        APIs
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00401BE1
                                                                                                        • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BF3
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: Global$AllocFree
                                                                                                        • String ID: Call
                                                                                                        • API String ID: 3394109436-1824292864
                                                                                                        APIs
                                                                                                        • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402525
                                                                                                        • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 00402538
                                                                                                        • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsqD01E.tmp,00000000,00000011,00000002), ref: 00402551
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: Enum$CloseValue
                                                                                                        • String ID:
                                                                                                        • API String ID: 397863658-0
                                                                                                        APIs
                                                                                                        • VirtualAllocEx.KERNELBASE(00000000), ref: 1000295B
                                                                                                        • GetLastError.KERNEL32 ref: 10002A62
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12785365661.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: AllocErrorLastVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 497505419-0
                                                                                                        APIs
                                                                                                        • SetFilePointer.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,?,?,00403166,000000FF,00000000,00000000,0040A230,?), ref: 004031DF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: FilePointer
                                                                                                        • String ID:
                                                                                                        • API String ID: 973152223-0
                                                                                                        APIs
                                                                                                        • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024AF
                                                                                                        • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsqD01E.tmp,00000000,00000011,00000002), ref: 00402551
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: CloseQueryValue
                                                                                                        • String ID:
                                                                                                        • API String ID: 3356406503-0
                                                                                                        APIs
                                                                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                        • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend
                                                                                                        • String ID:
                                                                                                        • API String ID: 3850602802-0
                                                                                                        APIs
                                                                                                        • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004023AA
                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 004023B3
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: CloseDeleteValue
                                                                                                        • String ID:
                                                                                                        • API String ID: 2831762973-0
                                                                                                        APIs
                                                                                                        • ShowWindow.USER32(00000000,00000000), ref: 00401E61
                                                                                                        • EnableWindow.USER32(00000000,00000000), ref: 00401E6C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: Window$EnableShow
                                                                                                        APIs
                                                                                                        • GetModuleHandleA.KERNEL32(?,00000020,?,004034FB,0000000A), ref: 0040679C
                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 004067B7
                                                                                                          • Part of subcall function 0040671A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406731
                                                                                                          • Part of subcall function 0040671A: wsprintfW.USER32 ref: 0040676C
                                                                                                          • Part of subcall function 0040671A: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406780
                                                                                                        Similarity
                                                                                                        • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                        APIs
                                                                                                        • GetFileAttributesW.KERNELBASE(00000003,00402F57,C:\Users\user\Desktop\FACTURA-002297.exe,80000000,00000003), ref: 00405EA6
                                                                                                        • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405EC8
                                                                                                        Similarity
                                                                                                        • API ID: File$AttributesCreate
                                                                                                        APIs
                                                                                                        • CreateDirectoryW.KERNELBASE(?,00000000,0040347C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76C13420,004036D5,?,00000006,00000008,0000000A), ref: 00405966
                                                                                                        • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 00405974
                                                                                                        Similarity
                                                                                                        • API ID: CreateDirectoryErrorLast
                                                                                                        APIs
                                                                                                        • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402807
                                                                                                          • Part of subcall function 004062F7: wsprintfW.USER32 ref: 00406304
                                                                                                        Similarity
                                                                                                        • API ID: FilePointerwsprintf
                                                                                                        APIs
                                                                                                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040233D
                                                                                                        Similarity
                                                                                                        • API ID: PrivateProfileStringWrite
                                                                                                        APIs
                                                                                                        • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CE8,00000000,?,?), ref: 00406274
                                                                                                        Similarity
                                                                                                        • API ID: Create
                                                                                                        APIs
                                                                                                        • WriteFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,00411480,0040CED0,004033C2,0040CED0,00411480,00414ED0,00004000,?,00000000,004031EC,00000004), ref: 00405F68
                                                                                                        Similarity
                                                                                                        • API ID: FileWrite
                                                                                                        APIs
                                                                                                        • ReadFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,00414ED0,0040CED0,0040343E,0040A230,0040A230,00403342,00414ED0,00004000,?,00000000,004031EC), ref: 00405F39
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FileRead
                                                                                                        APIs
                                                                                                        • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12785365661.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_10000000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ProtectVirtual
                                                                                                        APIs
                                                                                                        • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,00422708,?,?,004062AB,00422708,00000000,?,?,Call,?), ref: 00406241
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Open
                                                                                                        APIs
                                                                                                        • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AttributesFile
                                                                                                        APIs
                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040313F,?), ref: 0040344F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FilePointer
                                                                                                        APIs
                                                                                                          • Part of subcall function 00405414: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
                                                                                                          • Part of subcall function 00405414: lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
                                                                                                          • Part of subcall function 00405414: lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
                                                                                                          • Part of subcall function 00405414: SetWindowTextW.USER32(00422708,00422708), ref: 00405481
                                                                                                          • Part of subcall function 00405414: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
                                                                                                          • Part of subcall function 00405414: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
                                                                                                          • Part of subcall function 00405414: SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
                                                                                                          • Part of subcall function 00405995: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 004059BE
                                                                                                          • Part of subcall function 00405995: CloseHandle.KERNEL32(?), ref: 004059CB
                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401F47
                                                                                                          • Part of subcall function 0040683B: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040684C
                                                                                                          • Part of subcall function 0040683B: GetExitCodeProcess.KERNEL32(?,?), ref: 0040686E
                                                                                                          • Part of subcall function 004062F7: wsprintfW.USER32 ref: 00406304
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                        APIs
                                                                                                        • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Sleep
                                                                                                        APIs
                                                                                                        • GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12785365661.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_10000000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AllocGlobal
                                                                                                        • String ID:
                                                                                                        • API String ID: 3761449716-0
                                                                                                        APIs
                                                                                                        • GetDlgItem.USER32(?,00000403), ref: 004055B1
                                                                                                        • GetDlgItem.USER32(?,000003EE), ref: 004055C0
                                                                                                        • GetClientRect.USER32(?,?), ref: 004055FD
                                                                                                        • GetSystemMetrics.USER32(00000002), ref: 00405604
                                                                                                        • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405625
                                                                                                        • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405636
                                                                                                        • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405649
                                                                                                        • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405657
                                                                                                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040566A
                                                                                                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040568C
                                                                                                        • ShowWindow.USER32(?,00000008), ref: 004056A0
                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 004056C1
                                                                                                        • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004056D1
                                                                                                        • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004056EA
                                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004056F6
                                                                                                        • GetDlgItem.USER32(?,000003F8), ref: 004055CF
                                                                                                          • Part of subcall function 0040437A: SendMessageW.USER32(00000028,?,00000001,004041A5), ref: 00404388
                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 00405713
                                                                                                        • CreateThread.KERNEL32(00000000,00000000,Function_000054E7,00000000), ref: 00405721
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00405728
                                                                                                        • ShowWindow.USER32(00000000), ref: 0040574C
                                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405751
                                                                                                        • ShowWindow.USER32(00000008), ref: 0040579B
                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004057CF
                                                                                                        • CreatePopupMenu.USER32 ref: 004057E0
                                                                                                        • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004057F4
                                                                                                        • GetWindowRect.USER32(?,?), ref: 00405814
                                                                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040582D
                                                                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405865
                                                                                                        • OpenClipboard.USER32(00000000), ref: 00405875
                                                                                                        • EmptyClipboard.USER32 ref: 0040587B
                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405887
                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00405891
                                                                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 004058A5
                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 004058C5
                                                                                                        • SetClipboardData.USER32(0000000D,00000000), ref: 004058D0
                                                                                                        • CloseClipboard.USER32 ref: 004058D6
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                        • String ID: (7B${
                                                                                                        • API String ID: 590372296-525222780
                                                                                                        APIs
                                                                                                        • GetDlgItem.USER32(?,000003F9), ref: 00404DA8
                                                                                                        • GetDlgItem.USER32(?,00000408), ref: 00404DB3
                                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 00404DFD
                                                                                                        • LoadBitmapW.USER32(0000006E), ref: 00404E10
                                                                                                        • SetWindowLongW.USER32(?,000000FC,00405388), ref: 00404E29
                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404E3D
                                                                                                        • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404E4F
                                                                                                        • SendMessageW.USER32(?,00001109,00000002), ref: 00404E65
                                                                                                        • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404E71
                                                                                                        • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404E83
                                                                                                        • DeleteObject.GDI32(00000000), ref: 00404E86
                                                                                                        • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404EB1
                                                                                                        • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404EBD
                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404F53
                                                                                                        • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404F7E
                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404F92
                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00404FC1
                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404FCF
                                                                                                        • ShowWindow.USER32(?,00000005), ref: 00404FE0
                                                                                                        • SendMessageW.USER32(?,00000419,00000000,?), ref: 004050DD
                                                                                                        • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405142
                                                                                                        • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405157
                                                                                                        • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 0040517B
                                                                                                        • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040519B
                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 004051B0
                                                                                                        • GlobalFree.KERNEL32(?), ref: 004051C0
                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405239
                                                                                                        • SendMessageW.USER32(?,00001102,?,?), ref: 004052E2
                                                                                                        • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004052F1
                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00405311
                                                                                                        • ShowWindow.USER32(?,00000000), ref: 0040535F
                                                                                                        • GetDlgItem.USER32(?,000003FE), ref: 0040536A
                                                                                                        • ShowWindow.USER32(00000000), ref: 00405371
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                        • String ID: $M$N
                                                                                                        • API String ID: 1638840714-813528018
                                                                                                        APIs
                                                                                                        • GetDlgItem.USER32(?,000003FB), ref: 00404863
                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 0040488D
                                                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 0040493E
                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 00404949
                                                                                                        • lstrcmpiW.KERNEL32(Call,00423728,00000000,?,?), ref: 0040497B
                                                                                                        • lstrcatW.KERNEL32(?,Call), ref: 00404987
                                                                                                        • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404999
                                                                                                          • Part of subcall function 004059F6: GetDlgItemTextW.USER32(?,?,00000400,004049D0), ref: 00405A09
                                                                                                          • Part of subcall function 00406644: CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA-002297.exe",00403464,C:\Users\user\AppData\Local\Temp\,76C13420,004036D5,?,00000006,00000008,0000000A), ref: 004066A7
                                                                                                          • Part of subcall function 00406644: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004066B6
                                                                                                          • Part of subcall function 00406644: CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA-002297.exe",00403464,C:\Users\user\AppData\Local\Temp\,76C13420,004036D5,?,00000006,00000008,0000000A), ref: 004066BB
                                                                                                          • Part of subcall function 00406644: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA-002297.exe",00403464,C:\Users\user\AppData\Local\Temp\,76C13420,004036D5,?,00000006,00000008,0000000A), ref: 004066CE
                                                                                                        • GetDiskFreeSpaceW.KERNEL32(004216F8,?,?,0000040F,?,004216F8,004216F8,?,00000001,004216F8,?,?,000003FB,?), ref: 00404A5C
                                                                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404A77
                                                                                                          • Part of subcall function 00404BD0: lstrlenW.KERNEL32(00423728,00423728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404C71
                                                                                                          • Part of subcall function 00404BD0: wsprintfW.USER32 ref: 00404C7A
                                                                                                          • Part of subcall function 00404BD0: SetDlgItemTextW.USER32(?,00423728), ref: 00404C8D
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                        • String ID: (7B$A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet$Call
                                                                                                        • API String ID: 2624150263-2873568988
                                                                                                        APIs
                                                                                                        • CoCreateInstance.OLE32(004084DC,?,00000001,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040217D
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet, xrefs: 004021BD
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateInstance
                                                                                                        • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet
                                                                                                        • API String ID: 542301482-2667514213
                                                                                                        • Opcode ID: d21109b947604d2aeedf4ad2c9da0992de00d0e594a19d7853b024dfbf8c0e49
                                                                                                        • Instruction ID: fcf7de762e0310186ccf97c85ab7d5ba58e988de4da68cff16f28a22b081737a
                                                                                                        • Opcode Fuzzy Hash: d21109b947604d2aeedf4ad2c9da0992de00d0e594a19d7853b024dfbf8c0e49
                                                                                                        • Instruction Fuzzy Hash: EE414A75A00208AFCB10DFE4C988AAEBBB5FF48314F20457AF515EB2D1DB799941CB44
                                                                                                        APIs
                                                                                                        • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402871
                                                                                                        Similarity
                                                                                                        • API ID: FileFindFirst
                                                                                                        • String ID:
                                                                                                        • API String ID: 1974802433-0
                                                                                                        • Opcode ID: d93f1720afb55d10142a5d85e05fc16c00c53f1b0b53f4af4ae9949186ca55c3
                                                                                                        • Instruction ID: 1506565ccd7b679c7f55cec76d0c208d7a3b57e4c41f2eb52868ec6bdbdc004a
                                                                                                        • Opcode Fuzzy Hash: d93f1720afb55d10142a5d85e05fc16c00c53f1b0b53f4af4ae9949186ca55c3
                                                                                                        • Instruction Fuzzy Hash: 38F05E71A04104ABD710EBA4DA499ADB368EF00314F2005BBF541F21D1D7B84D919B2A
                                                                                                        APIs
                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403EA8
                                                                                                        • ShowWindow.USER32(?), ref: 00403EC5
                                                                                                        • DestroyWindow.USER32 ref: 00403ED9
                                                                                                        • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403EF5
                                                                                                        • GetDlgItem.USER32(?,?), ref: 00403F16
                                                                                                        • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403F2A
                                                                                                        • IsWindowEnabled.USER32(00000000), ref: 00403F31
                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 00403FDF
                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 00403FE9
                                                                                                        • SetClassLongW.USER32(?,000000F2,?), ref: 00404003
                                                                                                        • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00404054
                                                                                                        • GetDlgItem.USER32(?,00000003), ref: 004040FA
                                                                                                        • ShowWindow.USER32(00000000,?), ref: 0040411B
                                                                                                        • EnableWindow.USER32(?,?), ref: 0040412D
                                                                                                        • EnableWindow.USER32(?,?), ref: 00404148
                                                                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040415E
                                                                                                        • EnableMenuItem.USER32(00000000), ref: 00404165
                                                                                                        • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040417D
                                                                                                        • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404190
                                                                                                        • lstrlenW.KERNEL32(00423728,?,00423728,00000000), ref: 004041BA
                                                                                                        • SetWindowTextW.USER32(?,00423728), ref: 004041CE
                                                                                                        • ShowWindow.USER32(?,0000000A), ref: 00404302
                                                                                                        Similarity
                                                                                                        • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                        • String ID: (7B
                                                                                                        • API String ID: 184305955-3251261122
                                                                                                        • Opcode ID: a59e4a4ec43d7d40c0b393105adb60ca25607e9856a65bb271622870994d4568
                                                                                                        • Instruction ID: 85a8b1cb5875a9f0130709c86f20b78f231723f1bf47f2e7597622744019d293
                                                                                                        • Opcode Fuzzy Hash: a59e4a4ec43d7d40c0b393105adb60ca25607e9856a65bb271622870994d4568
                                                                                                        • Instruction Fuzzy Hash: 88C1A1B1640200FFDB216F61EE85D2B3BA8EB95305F40053EFA41B21F0CB7959529B6E
                                                                                                        APIs
                                                                                                        • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404580
                                                                                                        • GetDlgItem.USER32(?,000003E8), ref: 00404594
                                                                                                        • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004045B1
                                                                                                        • GetSysColor.USER32(?), ref: 004045C2
                                                                                                        • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004045D0
                                                                                                        • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004045DE
                                                                                                        • lstrlenW.KERNEL32(?), ref: 004045E3
                                                                                                        • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004045F0
                                                                                                        • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404605
                                                                                                        • GetDlgItem.USER32(?,0000040A), ref: 0040465E
                                                                                                        • SendMessageW.USER32(00000000), ref: 00404665
                                                                                                        • GetDlgItem.USER32(?,000003E8), ref: 00404690
                                                                                                        • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004046D3
                                                                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 004046E1
                                                                                                        • SetCursor.USER32(00000000), ref: 004046E4
                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 004046FD
                                                                                                        • SetCursor.USER32(00000000), ref: 00404700
                                                                                                        • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040472F
                                                                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404741
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                        • String ID: Call$N$YD@
                                                                                                        • API String ID: 3103080414-3276248472
                                                                                                        • Opcode ID: 777072e4300f85645cf7ffde5545d8883defabb32dd208014d98b1e23baa6229
                                                                                                        • Instruction ID: b733f22c3e4a4344af423a89e947fb2470a434e6d87e1c723dfed1fecd84da00
                                                                                                        • Opcode Fuzzy Hash: 777072e4300f85645cf7ffde5545d8883defabb32dd208014d98b1e23baa6229
                                                                                                        • Instruction Fuzzy Hash: E16172B1A00209BFDB109F60DD85AAA7B69FB85354F00813AFB05BB1E0D7789951CF58
                                                                                                        APIs
                                                                                                        • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                        • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                        • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                        • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                        • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                        • DrawTextW.USER32(00000000,00429240,000000FF,00000010,00000820), ref: 00401156
                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                        • DeleteObject.GDI32(?), ref: 00401165
                                                                                                        • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                        Similarity
                                                                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                        • String ID: F
                                                                                                        • API String ID: 941294808-1304234792
                                                                                                        • Opcode ID: a62f14d8607f0cab4b909ce482175ba86ddefa50def87cd09a38214d4056f576
                                                                                                        • Instruction ID: b35030fe9107d9a8359b932f7918d2348922827c9ca57aaae851fe5b21190c6b
                                                                                                        • Opcode Fuzzy Hash: a62f14d8607f0cab4b909ce482175ba86ddefa50def87cd09a38214d4056f576
                                                                                                        • Instruction Fuzzy Hash: 92418A71800249AFCF058FA5DE459AFBBB9FF44310F00842AF991AA1A0C738E955DFA4
                                                                                                        APIs
                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406197,?,?), ref: 00406037
                                                                                                        • GetShortPathNameW.KERNEL32(?,00426DC8,00000400), ref: 00406040
                                                                                                          • Part of subcall function 00405E07: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E17
                                                                                                          • Part of subcall function 00405E07: lstrlenA.KERNEL32(00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E49
                                                                                                        • GetShortPathNameW.KERNEL32(?,004275C8,00000400), ref: 0040605D
                                                                                                        • wsprintfA.USER32 ref: 0040607B
                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,004275C8,C0000000,00000004,004275C8,?,?,?,?,?), ref: 004060B6
                                                                                                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 004060C5
                                                                                                        • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FD
                                                                                                        • SetFilePointer.KERNEL32(0040A590,00000000,00000000,00000000,00000000,004269C8,00000000,-0000000A,0040A590,00000000,[Rename],00000000,00000000,00000000), ref: 00406153
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00406164
                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040616B
                                                                                                          • Part of subcall function 00405EA2: GetFileAttributesW.KERNELBASE(00000003,00402F57,C:\Users\user\Desktop\FACTURA-002297.exe,80000000,00000003), ref: 00405EA6
                                                                                                          • Part of subcall function 00405EA2: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405EC8
                                                                                                        Similarity
                                                                                                        • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                        • String ID: %ls=%ls$[Rename]
                                                                                                        • API String ID: 2171350718-461813615
                                                                                                        • Opcode ID: cc1e011b744674eb6045294d1f1ba8016b3cffab7c6b3a5cc0e4edd922729f6b
                                                                                                        • Instruction ID: 7a97944e4ecdd21f919348e7cfc29446421eaa6be6f71a8f5a2bdcac5b6ce208
                                                                                                        • Opcode Fuzzy Hash: cc1e011b744674eb6045294d1f1ba8016b3cffab7c6b3a5cc0e4edd922729f6b
                                                                                                        • Instruction Fuzzy Hash: 953139703007157BC2206B259D49F673A6CEF45714F15003AFA42FA2D2DE7C992586AD
                                                                                                        APIs
                                                                                                        • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA-002297.exe",00403464,C:\Users\user\AppData\Local\Temp\,76C13420,004036D5,?,00000006,00000008,0000000A), ref: 004066A7
                                                                                                        • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004066B6
                                                                                                        • CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA-002297.exe",00403464,C:\Users\user\AppData\Local\Temp\,76C13420,004036D5,?,00000006,00000008,0000000A), ref: 004066BB
                                                                                                        • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA-002297.exe",00403464,C:\Users\user\AppData\Local\Temp\,76C13420,004036D5,?,00000006,00000008,0000000A), ref: 004066CE
                                                                                                        Strings
                                                                                                        Similarity
                                                                                                        • API ID: Char$Next$Prev
                                                                                                        • String ID: "C:\Users\user\Desktop\FACTURA-002297.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                        • API String ID: 589700163-1766023007
                                                                                                        • Opcode ID: 77b224228f8c57f44dbd024cb25da7c2d773c522f2af8fdd1da9e6af7933f215
                                                                                                        • Instruction ID: 91382b34e261ab6a6b837a41ec70345278d3faa82d58aea2d88f3062b19e38b1
                                                                                                        • Opcode Fuzzy Hash: 77b224228f8c57f44dbd024cb25da7c2d773c522f2af8fdd1da9e6af7933f215
                                                                                                        • Instruction Fuzzy Hash: 8C11E61580070295DB302B149C40E7766B8EF587A4F12483FED86B32C0E77E4CD286AD
                                                                                                        APIs
                                                                                                        • GetWindowLongW.USER32(?,000000EB), ref: 004043C9
                                                                                                        • GetSysColor.USER32(00000000), ref: 004043E5
                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 004043F1
                                                                                                        • SetBkMode.GDI32(?,?), ref: 004043FD
                                                                                                        • GetSysColor.USER32(?), ref: 00404410
                                                                                                        • SetBkColor.GDI32(?,?), ref: 00404420
                                                                                                        • DeleteObject.GDI32(?), ref: 0040443A
                                                                                                        • CreateBrushIndirect.GDI32(?), ref: 00404444
                                                                                                        Similarity
                                                                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 2320649405-0
                                                                                                        • Opcode ID: d93bb5df8f2b76ccefaad0a5d1bb7d3eec77da1dbbaa67d130298efb7d8eee66
                                                                                                        • Instruction ID: 701ae6dfa2b2a9365c03cf2c9b1b76f0db24f0feb35c46e7544c905291b2d973
                                                                                                        • Opcode Fuzzy Hash: d93bb5df8f2b76ccefaad0a5d1bb7d3eec77da1dbbaa67d130298efb7d8eee66
                                                                                                        • Instruction Fuzzy Hash: 4B216671500704AFCB219F68DE48B5BBBF8AF81714F04893EED95E22A1D774E944CB54
                                                                                                        APIs
                                                                                                        • lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
                                                                                                        • lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
                                                                                                        • lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
                                                                                                        • SetWindowTextW.USER32(00422708,00422708), ref: 00405481
                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
                                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
                                                                                                        • SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                        • String ID:
                                                                                                        • API String ID: 2531174081-0
                                                                                                        • Opcode ID: ae6ed24060c0e1e5203a454600f337dd8354be9e28b06d37a059070ec5477373
                                                                                                        • Instruction ID: b4c9d1203d7b93b364d12d55a96473d81469f1a16e33619bfa53f57c996d0385
                                                                                                        • Opcode Fuzzy Hash: ae6ed24060c0e1e5203a454600f337dd8354be9e28b06d37a059070ec5477373
                                                                                                        • Instruction Fuzzy Hash: 0E219071900518BACF119FA5DD85ADFBFB4EF45364F10803AF904B62A0C3794A90CFA8
                                                                                                        APIs
                                                                                                        • DestroyWindow.USER32(00000000,00000000), ref: 00402E8D
                                                                                                        • GetTickCount.KERNEL32 ref: 00402EAB
                                                                                                        • wsprintfW.USER32 ref: 00402ED9
                                                                                                          • Part of subcall function 00405414: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
                                                                                                          • Part of subcall function 00405414: lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
                                                                                                          • Part of subcall function 00405414: lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
                                                                                                          • Part of subcall function 00405414: SetWindowTextW.USER32(00422708,00422708), ref: 00405481
                                                                                                          • Part of subcall function 00405414: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
                                                                                                          • Part of subcall function 00405414: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
                                                                                                          • Part of subcall function 00405414: SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
                                                                                                        • CreateDialogParamW.USER32(0000006F,00000000,00402DD7,00000000), ref: 00402EFD
                                                                                                        • ShowWindow.USER32(00000000,00000005), ref: 00402F0B
                                                                                                          • Part of subcall function 00402E56: MulDiv.KERNEL32(00000000,00000064,0004B639), ref: 00402E6B
                                                                                                        Strings
                                                                                                        Similarity
                                                                                                        • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                        • String ID: ... %d%%
                                                                                                        • API String ID: 722711167-2449383134
                                                                                                        • Opcode ID: 9d96e1b775b00f8f1aa504ccf668d13eff31e418fbd4a6343fc61565dbea9545
                                                                                                        • Instruction ID: c2ec4548d439a14d597b05689786213ff5532ac021c242b5895b0761ec4a5705
                                                                                                        • Opcode Fuzzy Hash: 9d96e1b775b00f8f1aa504ccf668d13eff31e418fbd4a6343fc61565dbea9545
                                                                                                        • Instruction Fuzzy Hash: 0501C430440724EBCB31AB60EF4CB9B7B68AB00B44B50417FF945F12E0CAB844558BEE
                                                                                                        APIs
                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404CF9
                                                                                                        • GetMessagePos.USER32 ref: 00404D01
                                                                                                        • ScreenToClient.USER32(?,?), ref: 00404D1B
                                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404D2D
                                                                                                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404D53
                                                                                                        Strings
                                                                                                        Similarity
                                                                                                        • API ID: Message$Send$ClientScreen
                                                                                                        • String ID: f
                                                                                                        • API String ID: 41195575-1993550816
                                                                                                        • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                        • Instruction ID: b067d4b0ecc7c77c1c3f0caef97ada8ed48413e9bef28a1d47140c0a876cf8aa
                                                                                                        • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                        • Instruction Fuzzy Hash: AD015E71A0021DBADB00DB94DD85BFEBBBCAF95715F10412BBA50B62D0C7B899018BA4
                                                                                                        APIs
                                                                                                        • GetDC.USER32(?), ref: 00401DB6
                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD0
                                                                                                        • MulDiv.KERNEL32(00000000,00000000), ref: 00401DD8
                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00401DE9
                                                                                                        • CreateFontIndirectW.GDI32(0040CDE0), ref: 00401E38
                                                                                                        Strings
                                                                                                        Similarity
                                                                                                        • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                        • String ID: Tahoma
                                                                                                        • API String ID: 3808545654-3580928618
                                                                                                        • Opcode ID: dd5e8fa4d463f4addcea7a8cc9fa64d55b0ecfa5d277173ec9cca7ca7d10c693
                                                                                                        • Instruction ID: c2f05a2c3ba2ec5405c4fe8fe652dd8f1d703414ee124caa90b8b383e79e86eb
                                                                                                        • Opcode Fuzzy Hash: dd5e8fa4d463f4addcea7a8cc9fa64d55b0ecfa5d277173ec9cca7ca7d10c693
                                                                                                        • Instruction Fuzzy Hash: 3201B171904241EFE7006BB0AF4AB9A7FB0BF55301F10493EF242B71E2CAB800469B2D
                                                                                                        APIs
                                                                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DF5
                                                                                                        • wsprintfW.USER32 ref: 00402E29
                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00402E39
                                                                                                        • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E4B
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                                                                        • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                        • API String ID: 1451636040-1158693248
                                                                                                        • Opcode ID: 5563c221c1669b5fd2184c8b70bdefae7b5ad080d5cf5862aa05c867891839d9
                                                                                                        • Instruction ID: 0bc749b122006b2f9f6abad3e9991ed6065550717762caf8ffdc158a825a6066
                                                                                                        • Opcode Fuzzy Hash: 5563c221c1669b5fd2184c8b70bdefae7b5ad080d5cf5862aa05c867891839d9
                                                                                                        • Instruction Fuzzy Hash: 69F0367154020DABDF206F50DD4ABEA3B69FB00714F00803AFA06B51D0DBFD55598F99
                                                                                                        APIs
                                                                                                          • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                                        • GlobalFree.KERNEL32(?), ref: 1000256D
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 100025A8
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12785365661.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.12785336393.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                                                                        • Associated: 00000000.00000002.12785394722.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                                                                        • Associated: 00000000.00000002.12785424175.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_10000000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Global$Free$Alloc
                                                                                                        • String ID:
                                                                                                        • API String ID: 1780285237-0
                                                                                                        • Opcode ID: e72053471c67904cbc9fe51406c75cdd0d1e7ae72e07fb5691a107031e3f1593
                                                                                                        • Instruction ID: 149f0ffe7112dafd64944f245e56057b96fa329c468151baa91e3d773918aa42
                                                                                                        • Opcode Fuzzy Hash: e72053471c67904cbc9fe51406c75cdd0d1e7ae72e07fb5691a107031e3f1593
                                                                                                        • Instruction Fuzzy Hash: 1031AF71504651EFF721CF14CCA8E2B7BB8FB853D2F114119F940961A8C7719851DB69
                                                                                                        APIs
                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 004028FB
                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 00402917
                                                                                                        • GlobalFree.KERNEL32(?), ref: 00402950
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00402963
                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 0040297B
                                                                                                        • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 0040298F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                        • String ID:
                                                                                                        • API String ID: 2667972263-0
                                                                                                        • Opcode ID: 71fa0d7f1f6972b2f5f4a603ea8383ed055fcf66cbac6c56c0d77bb029e8dc11
                                                                                                        • Instruction ID: c824e8dfb1c84b3956194132b72a9c46ff30f807773af65f81dcebc4e122496d
                                                                                                        • Opcode Fuzzy Hash: 71fa0d7f1f6972b2f5f4a603ea8383ed055fcf66cbac6c56c0d77bb029e8dc11
                                                                                                        • Instruction Fuzzy Hash: 6521BFB1800128BBDF216FA5DE49D9E7E79EF09364F10023AF960762E0CB7949418B98
                                                                                                        APIs
                                                                                                        • lstrlenW.KERNEL32(00423728,00423728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404C71
                                                                                                        • wsprintfW.USER32 ref: 00404C7A
                                                                                                        • SetDlgItemTextW.USER32(?,00423728), ref: 00404C8D
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ItemTextlstrlenwsprintf
                                                                                                        • String ID: %u.%u%s%s$(7B
                                                                                                        • API String ID: 3540041739-1320723960
                                                                                                        • Opcode ID: 58f77135636fcca40ac9b9d1b3b9f97977a6748d84aaa2f98ffb75d2f2ac1724
                                                                                                        • Instruction ID: 703546cccce40a16f7c4e0327b319c47dc4604cc2262111db7ea86f65ec4581c
                                                                                                        • Opcode Fuzzy Hash: 58f77135636fcca40ac9b9d1b3b9f97977a6748d84aaa2f98ffb75d2f2ac1724
                                                                                                        • Instruction Fuzzy Hash: 0911E7736041287BEB00556DAD46EAF329CDB85374F254237FA66F31D1DA79CC2182E8
                                                                                                        APIs
                                                                                                        • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsqD01E.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsqD01E.tmp\System.dll,00000400,?,?,00000021), ref: 004025E2
                                                                                                        • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsqD01E.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsqD01E.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsqD01E.tmp\System.dll,00000400,?,?,00000021), ref: 004025ED
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ByteCharMultiWidelstrlen
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsqD01E.tmp$C:\Users\user\AppData\Local\Temp\nsqD01E.tmp\System.dll
                                                                                                        • API String ID: 3109718747-209202394
                                                                                                        • Opcode ID: 04c8a0be0a3c8b5bca7af342d1437c7cd7f7eafe97cd42d6f17c4336303185e8
                                                                                                        • Instruction ID: 778b7e41730bacb68cbd472b7e3a637cf80abcfea8faeb2db308f16ae4ae4a1c
                                                                                                        • Opcode Fuzzy Hash: 04c8a0be0a3c8b5bca7af342d1437c7cd7f7eafe97cd42d6f17c4336303185e8
                                                                                                        • Instruction Fuzzy Hash: 35112E72A00204BBDB146FB18F8D99F76649F55394F20443BF502F61C1DAFC48425B5E
                                                                                                        APIs
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 10002411
                                                                                                          • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                                                                        • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12785365661.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.12785336393.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                                                                        • Associated: 00000000.00000002.12785394722.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                                                                        • Associated: 00000000.00000002.12785424175.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_10000000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                        • String ID:
                                                                                                        • API String ID: 4216380887-0
                                                                                                        • Opcode ID: 40c1fda0fc222d3deaf0be0606799ffba2a33d40f74f168943dcfaeb9bc9158e
                                                                                                        • Instruction ID: e010a8171ff36a63e9221139458dc5df23460d7ee6f57f6168b5e09891e1807c
                                                                                                        • Opcode Fuzzy Hash: 40c1fda0fc222d3deaf0be0606799ffba2a33d40f74f168943dcfaeb9bc9158e
                                                                                                        • Instruction Fuzzy Hash: 9141D2B4408305EFF324DF24C880A6AB7F8FB843D4B11892DF94687199DB34BA94CB65
                                                                                                        APIs
                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                                                                        • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                                                                        • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12785365661.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.12785336393.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                                                                        • Associated: 00000000.00000002.12785394722.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                                                                        • Associated: 00000000.00000002.12785424175.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_10000000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                        • String ID:
                                                                                                        • API String ID: 1148316912-0
                                                                                                        APIs
                                                                                                        • GetDlgItem.USER32(?,?), ref: 00401D5D
                                                                                                        • GetClientRect.USER32(00000000,?), ref: 00401D6A
                                                                                                        • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D8B
                                                                                                        • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D99
                                                                                                        • DeleteObject.GDI32(00000000), ref: 00401DA8
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                        • String ID:
                                                                                                        • API String ID: 1849352358-0
                                                                                                        APIs
                                                                                                        • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C89
                                                                                                        • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA1
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Timeout
                                                                                                        • String ID: !
                                                                                                        • API String ID: 1777923405-2657877971
                                                                                                        APIs
                                                                                                        • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403476,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76C13420,004036D5,?,00000006,00000008,0000000A), ref: 00405C87
                                                                                                        • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403476,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76C13420,004036D5,?,00000006,00000008,0000000A), ref: 00405C91
                                                                                                        • lstrcatW.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 00405CA3
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405C81
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CharPrevlstrcatlstrlen
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                        • API String ID: 2659869361-787714339
                                                                                                        APIs
                                                                                                          • Part of subcall function 004063B0: lstrcpynW.KERNEL32(?,?,00000400,0040355A,00429240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063BD
                                                                                                          • Part of subcall function 00405D2C: CharNextW.USER32(?,?,00425F30,?,00405DA0,00425F30,00425F30,?,?,76C12EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,76C12EE0,00000000), ref: 00405D3A
                                                                                                          • Part of subcall function 00405D2C: CharNextW.USER32(00000000), ref: 00405D3F
                                                                                                          • Part of subcall function 00405D2C: CharNextW.USER32(00000000), ref: 00405D57
                                                                                                        • lstrlenW.KERNEL32(00425F30,00000000,00425F30,00425F30,?,?,76C12EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,76C12EE0,00000000), ref: 00405DE2
                                                                                                        • GetFileAttributesW.KERNEL32(00425F30,00425F30,00425F30,00425F30,00425F30,00425F30,00000000,00425F30,00425F30,?,?,76C12EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,76C12EE0), ref: 00405DF2
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                        • String ID: 0_B
                                                                                                        • API String ID: 3248276644-2128305573
                                                                                                        APIs
                                                                                                        • IsWindowVisible.USER32(?), ref: 004053B7
                                                                                                        • CallWindowProcW.USER32(?,?,?,?), ref: 00405408
                                                                                                          • Part of subcall function 00404391: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004043A3
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$CallMessageProcSendVisible
                                                                                                        • String ID:
                                                                                                        • API String ID: 3748168415-3916222277
                                                                                                        APIs
                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000002,00422708,00000000,?,?,Call,?,?,004064F2,80000002), ref: 004062C4
                                                                                                        • RegCloseKey.ADVAPI32(?,?,004064F2,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,00422708), ref: 004062CF
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseQueryValue
                                                                                                        • String ID: Call
                                                                                                        • API String ID: 3356406503-1824292864
                                                                                                        APIs
                                                                                                        • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,76C12EE0,00403A00,76C13420,004037FF,00000006,?,00000006,00000008,0000000A), ref: 00403A43
                                                                                                        • GlobalFree.KERNEL32(?), ref: 00403A4A
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00403A3B
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Free$GlobalLibrary
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                        • API String ID: 1100898210-787714339
                                                                                                        APIs
                                                                                                        • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402F80,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\FACTURA-002297.exe,C:\Users\user\Desktop\FACTURA-002297.exe,80000000,00000003), ref: 00405CD3
                                                                                                        • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F80,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\FACTURA-002297.exe,C:\Users\user\Desktop\FACTURA-002297.exe,80000000,00000003), ref: 00405CE3
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CharPrevlstrlen
                                                                                                        • String ID: C:\Users\user\Desktop
                                                                                                        • API String ID: 2709904686-3443045126
                                                                                                        APIs
                                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                                                                        • GlobalFree.KERNEL32(?), ref: 10001203
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12785365661.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_10000000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Global$Free$Alloc
                                                                                                        • String ID:
                                                                                                        • API String ID: 1780285237-0
                                                                                                        APIs
                                                                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E17
                                                                                                        • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405E2F
                                                                                                        • CharNextA.USER32(00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E40
                                                                                                        • lstrlenA.KERNEL32(00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E49
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.12779580192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                                                                        • String ID:
                                                                                                        • API String ID: 190613189-0

                                                                                                        Execution Graph

                                                                                                        Execution Coverage:0%
                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                        Signature Coverage:100%
                                                                                                        Total number of Nodes:1
                                                                                                        Total number of Limit Nodes:0
                                                                                                        execution_graph 65530 32e72b90 LdrInitializeThunk

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 4 32e734e0-32e734ec LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 1 32e72bc0-32e72bcc LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 0 32e72b90-32e72b9c LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 3 32e72eb0-32e72ebc LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 2 32e72d10-32e72d1c LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: $ $0
                                                                                                        • API String ID: 3446177414-3352262554
                                                                                                        • Opcode ID: 5df765fe9c675f52f97535bfeccd1b0ae4fdee5e081b143fed51f3da9c7a3f19
                                                                                                        • Instruction ID: bfbb755e74324dc6255fb608ad070f1019b91e02483ec68b1180988161d04987
                                                                                                        • Opcode Fuzzy Hash: 5df765fe9c675f52f97535bfeccd1b0ae4fdee5e081b143fed51f3da9c7a3f19
                                                                                                        • Instruction Fuzzy Hash: 623239B56083818FE350CF68C885B5BBBE5BF88748F00892EF99987350D775D94ACB52

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                        • API String ID: 3446177414-1700792311
                                                                                                        • Opcode ID: 334e26bae43f90c6462cc21685e2277fab157499825b55b94d999bd48336c70f
                                                                                                        • Instruction ID: d26bdbd9632589b0c2e46dc1d7d36ed054182b1a16cde006543f81858fa70156
                                                                                                        • Opcode Fuzzy Hash: 334e26bae43f90c6462cc21685e2277fab157499825b55b94d999bd48336c70f
                                                                                                        • Instruction Fuzzy Hash: F9D1ED39510785DFDB02DFA4C442AA9BBF1FF0A718F08C449E85ABB212CB759982CF50
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$h.2
                                                                                                        • API String ID: 0-418270511
                                                                                                        • Opcode ID: 46184c92e83247dff70bae3aeb78ade455db20e7c23a4e9dc790f456e7f1ba04
                                                                                                        • Instruction ID: 419d7355a1dc9cef230120806f35e1da90555800123e47e45c0b146e612c15ab
                                                                                                        • Opcode Fuzzy Hash: 46184c92e83247dff70bae3aeb78ade455db20e7c23a4e9dc790f456e7f1ba04
                                                                                                        • Instruction Fuzzy Hash: A5B19BB69083419FD715DF64C442B5BB7E8AF84748F00892EFA8AD7340DBB0D948CB92
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                        • API String ID: 0-2515994595
                                                                                                        • Opcode ID: ce6ba1d9ebec951a124513260c3eb79d8224c7b3a323a6453b859aceb79a5514
                                                                                                        • Instruction ID: d5235b48a1894d96284b24f0152f4665069888d292fa3a7e3d5ab06e7bc73b7b
                                                                                                        • Opcode Fuzzy Hash: ce6ba1d9ebec951a124513260c3eb79d8224c7b3a323a6453b859aceb79a5514
                                                                                                        • Instruction Fuzzy Hash: 75519EB95043119FE325DE199942B9BB7ECEB84358F80CA1DB998C3150EB70D607CB92
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                        • API String ID: 3446177414-1745908468
                                                                                                        • Opcode ID: b79135f367fa54ddea7e477bcdf06da9101d36cb99910273cdc96abb7ae10c59
                                                                                                        • Instruction ID: f252d27d034297d6ac37281c15a110131120a09856dc81f378fea3423ba7782c
                                                                                                        • Opcode Fuzzy Hash: b79135f367fa54ddea7e477bcdf06da9101d36cb99910273cdc96abb7ae10c59
                                                                                                        • Instruction Fuzzy Hash: A1911D79910744DFDB02DFA8C862B9DBBF2FF09318F05C449E845AB251CBB99942CB50
                                                                                                        APIs
                                                                                                        • RtlDebugPrintTimes.NTDLL ref: 32E2651C
                                                                                                          • Part of subcall function 32E26565: RtlDebugPrintTimes.NTDLL ref: 32E26614
                                                                                                          • Part of subcall function 32E26565: RtlDebugPrintTimes.NTDLL ref: 32E2665F
                                                                                                        Strings
                                                                                                        • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 32E897B9
                                                                                                        • LdrpInitShimEngine, xrefs: 32E89783, 32E89796, 32E897BF
                                                                                                        • Getting the shim engine exports failed with status 0x%08lx, xrefs: 32E89790
                                                                                                        • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 32E8977C
                                                                                                        • apphelp.dll, xrefs: 32E26446
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 32E897A0, 32E897C9
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 3446177414-204845295
                                                                                                        • Opcode ID: dbfa2908a339af819969022e3db4e2b4d567309878d87e23e05578d93ce6d070
                                                                                                        • Instruction ID: f2fef55311bda77657f0ff1763831249fcbd616f6937ce194bf19529f7a25483
                                                                                                        • Opcode Fuzzy Hash: dbfa2908a339af819969022e3db4e2b4d567309878d87e23e05578d93ce6d070
                                                                                                        • Instruction Fuzzy Hash: 1651C475A493459FE314DF24CC92F9BB7E8EF84B48F408D29F98997250DA30E944CB92
                                                                                                        Strings
                                                                                                        • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 32E2D06F
                                                                                                        • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 32E2D202
                                                                                                        • @, xrefs: 32E2D09D
                                                                                                        • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 32E2D263
                                                                                                        • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 32E2D0E6
                                                                                                        • @, xrefs: 32E2D2B3
                                                                                                        • Control Panel\Desktop\LanguageConfiguration, xrefs: 32E2D136
                                                                                                        • @, xrefs: 32E2D24F
                                                                                                        • h.2, xrefs: 32E8A5D2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration$h.2
                                                                                                        • API String ID: 0-2169530473
                                                                                                        • Opcode ID: daceded1bebb69b033e0f13755fb34712a9891e39308d8d2aab955ed7e1bd041
                                                                                                        • Instruction ID: 0254b0b45fac910900a7e2487477923821cff55d250f543a2140f42c0eaa0dc6
                                                                                                        • Opcode Fuzzy Hash: daceded1bebb69b033e0f13755fb34712a9891e39308d8d2aab955ed7e1bd041
                                                                                                        • Instruction Fuzzy Hash: 40A18EB14183459FE321DF54C442B9BB7E8BF88759F00892EFA9996240EB74D948CF93
                                                                                                        APIs
                                                                                                        • RtlDebugPrintTimes.NTDLL ref: 32E5D879
                                                                                                          • Part of subcall function 32E34779: RtlDebugPrintTimes.NTDLL ref: 32E34817
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 3446177414-1975516107
                                                                                                        • Opcode ID: 2199b9862c0d737ec18b62f3d9f8991b7b43d4fb3e01b567fd1030aa41bb152b
                                                                                                        • Instruction ID: ed2044ac0fc8edaeec0af4c2f6ceef35ebd2b1175e45aff6aa763c8ab306e0f3
                                                                                                        • Opcode Fuzzy Hash: 2199b9862c0d737ec18b62f3d9f8991b7b43d4fb3e01b567fd1030aa41bb152b
                                                                                                        • Instruction Fuzzy Hash: 4B51CC79A143459FEB08CFA4C48679DBBB1BF45B18F61C459D800AB281DBB4E982CBC0
                                                                                                        Strings
                                                                                                        • VerifierDebug, xrefs: 32EB8925
                                                                                                        • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 32EB86E7
                                                                                                        • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 32EB86BD
                                                                                                        • VerifierFlags, xrefs: 32EB88D0
                                                                                                        • VerifierDlls, xrefs: 32EB893D
                                                                                                        • HandleTraces, xrefs: 32EB890F
                                                                                                        • AVRF: -*- final list of providers -*- , xrefs: 32EB880F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                        • API String ID: 0-3223716464
                                                                                                        • Opcode ID: c65137dcab92f6eb780f3f4c9c2077d2effbf1aad89a4c15bd87a74279eda696
                                                                                                        • Instruction ID: e1978496072a68a7f978ec80c2ee1372aa31987e95d5b2c9bb486f07399c2efb
                                                                                                        • Opcode Fuzzy Hash: c65137dcab92f6eb780f3f4c9c2077d2effbf1aad89a4c15bd87a74279eda696
                                                                                                        • Instruction Fuzzy Hash: 8891667A9093519FEF05CF24D883B6AB3A4AF45B58F85C868F9406B380CB709C05CBD2
                                                                                                        Strings
                                                                                                        • LdrpDynamicShimModule, xrefs: 32E9A7A5
                                                                                                        • DG2, xrefs: 32E52382
                                                                                                        • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 32E9A79F
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 32E9A7AF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: DG2$Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 0-814736265
                                                                                                        • Opcode ID: 270a921a1b5f71129bfc372575647aaee6c7f949d59596547d1f89a2a22fc9b2
                                                                                                        • Instruction ID: 1d5759cc3689d73f78e4b82fceef24917780d350234218b100e40ba07e0a76de
                                                                                                        • Opcode Fuzzy Hash: 270a921a1b5f71129bfc372575647aaee6c7f949d59596547d1f89a2a22fc9b2
                                                                                                        • Instruction Fuzzy Hash: 293127BAA41300AFE7149F58C897ED9B7B5EF81F04F25846AE900A7340DB759882CBD0
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                        • API String ID: 0-523794902
                                                                                                        • Opcode ID: b37b90736d681c7592a4228e6156f88cf292e3b7a0d9cbb17119e1ad61c6c521
                                                                                                        • Instruction ID: 8cbf414165d0543489bdb909b62e0d965318fce8b054dd4c6100c111096a0cc1
                                                                                                        • Opcode Fuzzy Hash: b37b90736d681c7592a4228e6156f88cf292e3b7a0d9cbb17119e1ad61c6c521
                                                                                                        • Instruction Fuzzy Hash: 4642FE752147819FD308DF24C882B6AB7E5FF88B48F44C96DF88A8B251DB74D941CB52
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs$h.2
                                                                                                        • API String ID: 0-4210002246
                                                                                                        • Opcode ID: 3d3e02f652503cb2f9048369f64c75f442af44d128496acc70527397fede01f9
                                                                                                        • Instruction ID: 60b7165eefdabc5e46fed286fdf56e8c917a1b4ee470a703a2019b2ed4db453b
                                                                                                        • Opcode Fuzzy Hash: 3d3e02f652503cb2f9048369f64c75f442af44d128496acc70527397fede01f9
                                                                                                        • Instruction Fuzzy Hash: 10F14E76D20218EFDB05CF99C942ADEBBB8FF08754F60805AE515A7210EBB4DE01CB90
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                        • API String ID: 0-122214566
                                                                                                        • Opcode ID: 590918da0433dd5b6d8bb7d716749d9c22057a6fd52b27f2a118a2027d32b63e
                                                                                                        • Instruction ID: 1f1bb0f3abdd22f2441ce2c0480a3e2622c1b3cb056693eb912c148980407120
                                                                                                        • Opcode Fuzzy Hash: 590918da0433dd5b6d8bb7d716749d9c22057a6fd52b27f2a118a2027d32b63e
                                                                                                        • Instruction Fuzzy Hash: 84C11475E043159BEB088B65E893BBE77A5AF45708F54C16EEC05AB290EFB4CC45C3A0
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 0-792281065
                                                                                                        • Opcode ID: 011cd190dd7d30b17450363862460c5c31c5f4c91e82acc7488beb2cf72c6509
                                                                                                        • Instruction ID: 59322552f90cc0d135fc2aad43ffe30ab24e3a2b29b853dbe2950e43c9591dc2
                                                                                                        • Opcode Fuzzy Hash: 011cd190dd7d30b17450363862460c5c31c5f4c91e82acc7488beb2cf72c6509
                                                                                                        • Instruction Fuzzy Hash: 0C915879AA6354DBEB18CF14C857BA977A0FF41B5CF05C529E9106F280CBB45842CBD1
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                        • API String ID: 0-4253913091
                                                                                                        • Opcode ID: 53c7fb5a086cab81f68608268f68d7ed6c9e196c02f40f7cd78cb4dfffd1ae3d
                                                                                                        • Instruction ID: ae921c8d47a9125e64c3794ce445eacc6701012701b1b21305cd2c84aac0429c
                                                                                                        • Opcode Fuzzy Hash: 53c7fb5a086cab81f68608268f68d7ed6c9e196c02f40f7cd78cb4dfffd1ae3d
                                                                                                        • Instruction Fuzzy Hash: FEF1AD75A00605DFE708CF69D986FAAB7B5FF44348F10C1A9E8159B381DB34E981CB91
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                                        • API String ID: 3446177414-2283098728
                                                                                                        • Opcode ID: 50aabe470b62e734933f72181186259dbbf08a76da6b7b391574c85b16874b88
                                                                                                        • Instruction ID: a9550ea235fe1182c23226b6b3e4c7080d226c195f20d2344add70ef79627d4c
                                                                                                        • Opcode Fuzzy Hash: 50aabe470b62e734933f72181186259dbbf08a76da6b7b391574c85b16874b88
                                                                                                        • Instruction Fuzzy Hash: 9E5137756203019FE714DF38C882B9977A1BB85718F24CA6DF9419B281EBB4E841CFD1
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • LdrpInitializePerUserWindowsDirectory, xrefs: 32EA80E9
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 32EA80F3
                                                                                                        • Failed to reallocate the system dirs string !, xrefs: 32EA80E2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 3446177414-1783798831
                                                                                                        • Opcode ID: c7a8734aa48abde8c52671519002f20ab9ddcc5851e87cb7c2fdd09831d54349
                                                                                                        • Instruction ID: f0ded905f58cebb766a2af757df9892909ce85fd7fbe1c3b4958fd05357ae893
                                                                                                        • Opcode Fuzzy Hash: c7a8734aa48abde8c52671519002f20ab9ddcc5851e87cb7c2fdd09831d54349
                                                                                                        • Instruction Fuzzy Hash: 5A4156B9591310ABD710DB24DC46B5BBBE8FF45B18F01EC2AB848A7250DA70D801CBD6
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 32EB4508
                                                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 32EB4519
                                                                                                        • LdrpCheckRedirection, xrefs: 32EB450F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                        • API String ID: 3446177414-3154609507
                                                                                                        • Opcode ID: 78fc99af83d34cbfa93048e4768221f96165315a3ca045870bd67e63ddfd9dde
                                                                                                        • Instruction ID: 0bb8041809b868fb8b442d8e4936f0d997916b914ce45519df092c11febca06d
                                                                                                        • Opcode Fuzzy Hash: 78fc99af83d34cbfa93048e4768221f96165315a3ca045870bd67e63ddfd9dde
                                                                                                        • Instruction Fuzzy Hash: 0841E4776093219FDF10CF58C962A56B7E4AF48758F068A69EC48E7252DB30D821CB81
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID:
                                                                                                        • API String ID: 3446177414-0
                                                                                                        • Opcode ID: 72ac44757dd015a1e0a46bc81012db66e0e5ac01a885233205fbcaec1b7bac7d
                                                                                                        • Instruction ID: a673ab848c4f724b74523df1d0781bd7b54e52dc47cbb37142b1d15bba841755
                                                                                                        • Opcode Fuzzy Hash: 72ac44757dd015a1e0a46bc81012db66e0e5ac01a885233205fbcaec1b7bac7d
                                                                                                        • Instruction Fuzzy Hash: 1FF11777E002118BDB08CF69C89067DFBF5AF88204B15866DD9A6DB380DA34ED45DF50
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                                        • API String ID: 0-3061284088
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • kLsE, xrefs: 32E305FE
                                                                                                        • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 32E30586
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                        • API String ID: 3446177414-2547482624
                                                                                                        Strings
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                        • API String ID: 0-379654539
                                                                                                        Strings
                                                                                                        • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 32E6847E
                                                                                                        • @, xrefs: 32E684B1
                                                                                                        • LdrpInitializeProcess, xrefs: 32E68342
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 32E68341
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 0-1918872054
                                                                                                        Strings
                                                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 32EA20C0
                                                                                                        • SXS: %s() passed the empty activation context, xrefs: 32EA1FE8
                                                                                                        • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 32EA1FE3, 32EA20BB
                                                                                                        • .Local, xrefs: 32E627F8
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                        • API String ID: 0-1239276146
                                                                                                        Strings
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit$X}2
                                                                                                        • API String ID: 0-2717989024
                                                                                                        Strings
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: LU2$LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                                        • API String ID: 0-3145412507
                                                                                                        Strings
                                                                                                        • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 32E90E2F
                                                                                                        • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 32E90DEC
                                                                                                        • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 32E90E72
                                                                                                        • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 32E90EB5
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                        • API String ID: 0-1468400865
                                                                                                        Strings
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                        • API String ID: 2994545307-1391187441
                                                                                                        Strings
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion$e2
                                                                                                        • API String ID: 0-7451817
                                                                                                        APIs
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID:
                                                                                                        • API String ID: 3446177414-0
                                                                                                        Strings
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                                                        • API String ID: 0-1168191160
                                                                                                        Strings
                                                                                                        • HEAP[%wZ]: , xrefs: 32E31632
                                                                                                        • HEAP: , xrefs: 32E314B6
                                                                                                        • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 32E31648
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                        • API String ID: 0-3178619729
                                                                                                        Strings
                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 32EA00C7
                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 32EA00F1
                                                                                                        • RTL: Re-Waiting, xrefs: 32EA0128
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                        • API String ID: 0-2474120054
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                        • API String ID: 0-2391371766
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: FilterFullPath$UseFilter$\??\
                                                                                                        • API String ID: 0-2779062949
                                                                                                        Strings
                                                                                                        • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 32F0B3AA
                                                                                                        • GlobalizationUserSettings, xrefs: 32F0B3B4
                                                                                                        • TargetNtPath, xrefs: 32F0B3AF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                                        • API String ID: 0-505981995
                                                                                                        Strings
                                                                                                        • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 32E8E455
                                                                                                        • HEAP[%wZ]: , xrefs: 32E8E435
                                                                                                        • HEAP: , xrefs: 32E8E442
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                        • API String ID: 0-1340214556
                                                                                                        Strings
                                                                                                        • Heap block at %p modified at %p past requested size of %Ix, xrefs: 32EDD7B2
                                                                                                        • HEAP[%wZ]: , xrefs: 32EDD792
                                                                                                        • HEAP: , xrefs: 32EDD79F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                        • API String ID: 0-3815128232
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @S2$RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                        • API String ID: 0-1495203611
                                                                                                        Strings
                                                                                                        • GlobalFlag, xrefs: 32EBB30F
                                                                                                        • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 32EBB2B2
                                                                                                        • @, xrefs: 32EBB2F0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                                        • API String ID: 0-4192008846
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$@
                                                                                                        • API String ID: 0-149943524
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID:
                                                                                                        • API String ID: 3446177414-0
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID: Legacy$UEFI
                                                                                                        • API String ID: 2994545307-634100481
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: $$$
                                                                                                        • API String ID: 3446177414-233714265
                                                                                                        • Opcode ID: 653ce739198e6c72919c7c5d453e94c496151780abc546e9bc276847888735d0
                                                                                                        • Instruction ID: d74e878443ecae9cd9db15c4d5e37126cb95abb090a9e1929284f76724735eef
                                                                                                        • Opcode Fuzzy Hash: 653ce739198e6c72919c7c5d453e94c496151780abc546e9bc276847888735d0
                                                                                                        • Instruction Fuzzy Hash: 6661BE75A11749CFEB24CFA4D586BADB7F1BF44B08F10C469E5056B690CFB4A940CB80
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                                        • API String ID: 0-118005554
                                                                                                        • Opcode ID: ce9279766166955143f831661fd2461a66269de2d09dd36a0b6276cbaccf27e0
                                                                                                        • Instruction ID: 343a05e46e11f7b574075358623240d9b837ae56358dbf3d3277f82d426ac86a
                                                                                                        • Opcode Fuzzy Hash: ce9279766166955143f831661fd2461a66269de2d09dd36a0b6276cbaccf27e0
                                                                                                        • Instruction Fuzzy Hash: 643104752187918FD315CBA9EA82B1AB7E4EF85718F108869FC54CB380EF71D905CB62
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 2$ 2
                                                                                                        • API String ID: 0-999121832
                                                                                                        • Opcode ID: ae935af1b8395bfc9e35436dfdab7caa6b1f555097e38428a82bfd12acc76a03
                                                                                                        • Instruction ID: df40ada9f6cd7a56d63a8db5ed50c86c3de75834206948f59e3be2b36e50a927
                                                                                                        • Opcode Fuzzy Hash: ae935af1b8395bfc9e35436dfdab7caa6b1f555097e38428a82bfd12acc76a03
                                                                                                        • Instruction Fuzzy Hash: 0931E2366067019BD717EE14C882E9B77A5AF84AA6F06C428FE8597210EE30CC01CBA1
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: .Local\$@
                                                                                                        • API String ID: 0-380025441
                                                                                                        • Opcode ID: fb86f6dd2c53cacbb91176d4ee9f395ca65c830f745dcae03b816382d7763687
                                                                                                        • Instruction ID: a718632d78a645a7d7ae34cdfe2e73579573afe577f684e09563321684c18f61
                                                                                                        • Opcode Fuzzy Hash: fb86f6dd2c53cacbb91176d4ee9f395ca65c830f745dcae03b816382d7763687
                                                                                                        • Instruction Fuzzy Hash: 233184B55493419FD311CF28C882A6BBBE8FB85B58F40492EF99883250DA34DD08CB92
                                                                                                        Strings
                                                                                                        • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 32EA289F
                                                                                                        • RtlpInitializeAssemblyStorageMap, xrefs: 32EA289A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                                        • API String ID: 0-2653619699
                                                                                                        • Opcode ID: 6e41590c6900d62ce0416517315a1a103c17e87950543eb2d6b3ce2bf012f7cb
                                                                                                        • Instruction ID: b90f8939381fc140bdab33f1eaade3ca0fa686a952d16fc7b94d9f805cb1733c
                                                                                                        • Opcode Fuzzy Hash: 6e41590c6900d62ce0416517315a1a103c17e87950543eb2d6b3ce2bf012f7cb
                                                                                                        • Instruction Fuzzy Hash: 6E112576B40304BBF7198A48CC47F6B77A9DB84B5CF24C039B904EB244DE74DD0086A0
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID: Cleanup Group$Threadpool!
                                                                                                        • API String ID: 2994545307-4008356553
                                                                                                        • Opcode ID: 7d0877840fa4da4351aaa9a3ad385c5782ac323278d83578664f9453baf8d132
                                                                                                        • Instruction ID: 199a79badddbefa19864a7f7116fee86f968f9e4e20ffc8c226d15d515a6a8b3
                                                                                                        • Opcode Fuzzy Hash: 7d0877840fa4da4351aaa9a3ad385c5782ac323278d83578664f9453baf8d132
                                                                                                        • Instruction Fuzzy Hash: D801D1B2A91740AFE311CF14CD06B2277E8EB40B19F01C979B658CB6A0E734D945CB45
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: MUI
                                                                                                        • API String ID: 0-1339004836
                                                                                                        • Opcode ID: 02adc816841cbea8f1cd0f25801928dd8e54a8d29447cb58113d59f31d1abb36
                                                                                                        • Instruction ID: 5c5a9ec62303d6e38ea935e34f83615a0141c23629a85706d68986ddfe3b892a
                                                                                                        • Opcode Fuzzy Hash: 02adc816841cbea8f1cd0f25801928dd8e54a8d29447cb58113d59f31d1abb36
                                                                                                        • Instruction Fuzzy Hash: B8825B79E022188BEB16CFA9C8817EDB7B5FF48759F10C169EA19AB250DB309941CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0448cfe16bc6b536e0d67307e2eac09179ac7a9e1a48dd02b7a86f0a2f66cef8
                                                                                                        • Instruction ID: 008d2d824d70120887e7ab95fc9043f5448960c98d28250fc8a238af359a2418
                                                                                                        • Opcode Fuzzy Hash: 0448cfe16bc6b536e0d67307e2eac09179ac7a9e1a48dd02b7a86f0a2f66cef8
                                                                                                        • Instruction Fuzzy Hash: A1E19A7560A341CFD305CF28C081A5ABBE0FF89349F548A6DFA898B351DB71E905CB96
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID:
                                                                                                        • API String ID: 3446177414-0
                                                                                                        • Opcode ID: 1335d3f3fd0043ece2696e4a52b6effdcafd5e3a66c637776aea55f325f28a5d
                                                                                                        • Instruction ID: 1ac8d57679b9142e4677d483ceecd0ae41c558dbdeadcc03ea4e8ed306aa4e01
                                                                                                        • Opcode Fuzzy Hash: 1335d3f3fd0043ece2696e4a52b6effdcafd5e3a66c637776aea55f325f28a5d
                                                                                                        • Instruction Fuzzy Hash: 0EB112B56093408FD355CF28C481A5AFBF1BF88708F54896EF8998B352D771E845CB92
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 364cc94aa51f31eafbb1d6a1ac28f4e683142ef28ac6b311c9700dfb74a38d76
                                                                                                        • Instruction ID: ed11a81547acdd3b24498f6800e7692fa780389cdeea37e75e65966d47f2450b
                                                                                                        • Opcode Fuzzy Hash: 364cc94aa51f31eafbb1d6a1ac28f4e683142ef28ac6b311c9700dfb74a38d76
                                                                                                        • Instruction Fuzzy Hash: DA618D79A01606AFDB09CF68C481A9DFBB5FF88745F24C26AE519A7300DB70A941DF90
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID:
                                                                                                        • API String ID: 3446177414-0
                                                                                                        • Opcode ID: 9db5a66a49642b49653153b1b12968f1dd3c27851b388253a26eb7fac97a2411
                                                                                                        • Instruction ID: 7f08efbb67f70d82e5a11b27fc796a9cab9c33555f556b10ee0b8263f14d8710
                                                                                                        • Opcode Fuzzy Hash: 9db5a66a49642b49653153b1b12968f1dd3c27851b388253a26eb7fac97a2411
                                                                                                        • Instruction Fuzzy Hash: 684108766123818FD316CF14D895B2ABBE5FF8175AF50842DFA41872A0DB70D841CB91
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID:
                                                                                                        • API String ID: 3446177414-0
                                                                                                        • Opcode ID: 66194ad776a6b6cc1d792f1afa4f2855e54601d09157ffac59a5a274d0009fac
                                                                                                        • Instruction ID: edc7206a70e9637003429b8926a4a40456fe91150108ad4a1fdc24261afc7be7
                                                                                                        • Opcode Fuzzy Hash: 66194ad776a6b6cc1d792f1afa4f2855e54601d09157ffac59a5a274d0009fac
                                                                                                        • Instruction Fuzzy Hash: 36314F725503049FC311EF14C882B5AB7A9EF45768F51826DED468F291EB31ED42CBD0
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID:
                                                                                                        • API String ID: 3446177414-0
                                                                                                        • Opcode ID: eb867a91965dfea92bc482abc5ea7b09bddb898ac517451b83d640ee546e8886
                                                                                                        • Instruction ID: 727672dd676a91b0f189a5c56605132cc52f3b8ead5f7e3206808a44c41b41ed
                                                                                                        • Opcode Fuzzy Hash: eb867a91965dfea92bc482abc5ea7b09bddb898ac517451b83d640ee546e8886
                                                                                                        • Instruction Fuzzy Hash: 9931CF39212A05FFE7568B20CA81B99BBA5FF88345F809055ED1087F51CB75E830CF80
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID:
                                                                                                        • API String ID: 3446177414-0
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID:
                                                                                                        • API String ID: 3446177414-0
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID:
                                                                                                        • API String ID: 3446177414-0
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @
                                                                                                        • API String ID: 0-2766056989
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: #%u
                                                                                                        • API String ID: 0-232158463
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @
                                                                                                        • API String ID: 0-2766056989
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @
                                                                                                        • API String ID: 0-2766056989
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: BinaryHash
                                                                                                        • API String ID: 0-2202222882
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 2
                                                                                                        • API String ID: 0-3017109490
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: verifier.dll
                                                                                                        • API String ID: 0-3265496382
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: #
                                                                                                        • API String ID: 0-1885708031
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Flst
                                                                                                        • API String ID: 0-2374792617
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: 3Cw3Cw
                                                                                                        • API String ID: 3446177414-3326805187
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: BinaryName
                                                                                                        • API String ID: 0-215506332
                                                                                                        • Opcode ID: d241c50c1bad7892c4343156273fd325f85f9650fadf9e525c6d4c9d2241caed
                                                                                                        • Instruction ID: d107a99aed21d19af107435e627216a8ebc8f4dc4ad4613f603fb98a829fd2d4
                                                                                                        • Opcode Fuzzy Hash: d241c50c1bad7892c4343156273fd325f85f9650fadf9e525c6d4c9d2241caed
                                                                                                        • Instruction Fuzzy Hash: EC31D47A900625AFEB16CA6CC866EABB774EF80724F11C169F910AF250DB309E04C790
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c891c7769f76fd2507c119b695282975031a30fc061837a54f474f30ea9cdf39
                                                                                                        • Instruction ID: a5e32de7dddecb0a32441765293105fc209efbe8d8dcd4b46b55c1566bc319ad
                                                                                                        • Opcode Fuzzy Hash: c891c7769f76fd2507c119b695282975031a30fc061837a54f474f30ea9cdf39
                                                                                                        • Instruction Fuzzy Hash: F3B18CB9902705CFDB16CF28D482798B7B0BF8936DF10C55ADA219B291DB74D882CF90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 661c09905e4fb25ce643de20c762d262fd44fabd6ae4cb180a031edb9b2e52bc
                                                                                                        • Instruction ID: d5c381636526c92a8a62646f20ac75807c2e1ca5e712bae1846e2c9d3d416776
                                                                                                        • Opcode Fuzzy Hash: 661c09905e4fb25ce643de20c762d262fd44fabd6ae4cb180a031edb9b2e52bc
                                                                                                        • Instruction Fuzzy Hash: BDA15775609342DFD305CF28C481A1ABBE5FF88759F10896EEA849B350EB70E945CF92
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                                        • Instruction ID: 8e56c94c9f5f8e9abe61421267c4554cfa541600647686e240a923f1ac44fd4b
                                                                                                        • Opcode Fuzzy Hash: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                                        • Instruction Fuzzy Hash: 2E71CE35E0221A8BDB00CE95C483BAFB3B5BF44798F94811EEC02AB204EB74D941C7A0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 982a29a28ee18fb81ac31ffe2b924c44be9046e15dbce0194437fd850b266469
                                                                                                        • Instruction ID: 4aa2a0685deb79d04bf5e5a0bacadfa5cccef81972adc0b4f78aaccd04dbe57a
                                                                                                        • Opcode Fuzzy Hash: 982a29a28ee18fb81ac31ffe2b924c44be9046e15dbce0194437fd850b266469
                                                                                                        • Instruction Fuzzy Hash: E1818F71940609DFEB15CFA4C891FEAB7FAFF48358F148429E555A7250DB30AC05DBA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9b938257cdc204cc001a35be6d875f486d9d9b0e348478cd4f510713b502e5f8
                                                                                                        • Instruction ID: 78ab75ee9135a9ed1edc48b66c54df4a2f877e89db3aff6c7836157b5d87c3f6
                                                                                                        • Opcode Fuzzy Hash: 9b938257cdc204cc001a35be6d875f486d9d9b0e348478cd4f510713b502e5f8
                                                                                                        • Instruction Fuzzy Hash: 46518974A09341CFD315CF29C081A2ABBE5FB89744F518A6EFA9897300DB70E844DF82
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: da7ac05468b2fc7b9729a3b89a536328a37aac97fb1fd905cc912fb156566029
                                                                                                        • Instruction ID: f05c0572febdf19bb9b471adc2816773b42272f9678ebda53b806479170d424c
                                                                                                        • Opcode Fuzzy Hash: da7ac05468b2fc7b9729a3b89a536328a37aac97fb1fd905cc912fb156566029
                                                                                                        • Instruction Fuzzy Hash: 254157752407009FD71AAF19DA42B1BB7A8EF45B58F51C42EFA4ADB290DBB0DC41CB80
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4cb1bcd351ab16c81e3f151171a82af49afef6dcaf9a671e227ae6b157fdf796
                                                                                                        • Instruction ID: 5680efa1899f1e937e4360800705f34d182774a18ef474960142ae2aba00558e
                                                                                                        • Opcode Fuzzy Hash: 4cb1bcd351ab16c81e3f151171a82af49afef6dcaf9a671e227ae6b157fdf796
                                                                                                        • Instruction Fuzzy Hash: 485102B51113019BE324DF64CC92F6B77E8EF81768F108A2DF911AB291DBB0D841CBA1
Memory Dump Source
• Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
• Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
Similarity
• API ID: InitializeThunk
• API String ID: 2994545307-0
                                                                                                        • Instruction Fuzzy Hash: 5141047161CB1D4FD368AF68D4816A6B3E6FB98304F500A2DC9CEC3652EB74E8468785
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4ce4c41189fffa8070d0cce0a25a4ee79ae07e51058e7602a879e321cb491ed4
                                                                                                        • Instruction ID: 4f5c90b171d0e901dd9b795582aea53327e1496a9e16c60da8d0ba6e1c733fee
                                                                                                        • Opcode Fuzzy Hash: 4ce4c41189fffa8070d0cce0a25a4ee79ae07e51058e7602a879e321cb491ed4
                                                                                                        • Instruction Fuzzy Hash: C941B4B6D00229ABDB15EBD89842AEFB7BCEF04758F558066F904F7200DA75DE0187E0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e9ec23e670e999a2fcc0403957bee332c45eb423636170600c40683d6636d2f1
                                                                                                        • Instruction ID: f9028706d5ec0e05544dfafad7192fe7c5487edc3c1faf87d4b89fdd3cf17f8f
                                                                                                        • Opcode Fuzzy Hash: e9ec23e670e999a2fcc0403957bee332c45eb423636170600c40683d6636d2f1
                                                                                                        • Instruction Fuzzy Hash: BF410579BD13009BEB08DE68C893B6A7760EB42B4CF12D46DFD01AB280DAA19841C7D0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                                                        • Instruction ID: 6292010682452c764d9a2fbb2772c49468826a91bc1a81500822550a585ea21e
                                                                                                        • Opcode Fuzzy Hash: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                                                        • Instruction Fuzzy Hash: 60519B71600646EFEB05CF54C580A46BBF5FF49308F15C8AAE9089F212E7B1EA85CF90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 91f76d79a0264999cd52714f13d9f8dc7d72237a140d38a43388e3bc2ceed2f7
                                                                                                        • Instruction ID: c9b920337fb55d3319c5801287deb820cea256372404bc78d8ea7e3097d41694
                                                                                                        • Opcode Fuzzy Hash: 91f76d79a0264999cd52714f13d9f8dc7d72237a140d38a43388e3bc2ceed2f7
                                                                                                        • Instruction Fuzzy Hash: AA41C97A9513289BDB04CF98C441AFEB7B4BF4870DF10C16AE819AB251EB718D41CBA4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6f316a02d9c0c5ec3898c18e86517858dece73c349d323dcd56209198dafcd0c
                                                                                                        • Instruction ID: 810776df1358515507e21d091986550f59fd3595842e78cecd249d5f64a3d069
                                                                                                        • Opcode Fuzzy Hash: 6f316a02d9c0c5ec3898c18e86517858dece73c349d323dcd56209198dafcd0c
                                                                                                        • Instruction Fuzzy Hash: 64510176605780CFD716CB58C452B9A73E5AF41BA9F4584A6F9008B2A1DB38DD40CB61
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8fd0a5f2762dd745ba5669188cfb5c9e769348eda0ea92eb7f570bc0a37b51c8
                                                                                                        • Instruction ID: 749c358d4c5f95ac70b38cc451c13d707fdf4be5bf45ba71c856c5bd67b328fe
                                                                                                        • Opcode Fuzzy Hash: 8fd0a5f2762dd745ba5669188cfb5c9e769348eda0ea92eb7f570bc0a37b51c8
                                                                                                        • Instruction Fuzzy Hash: 77515D79E00255DFDB05CF99C491AAEF7B1FF84718F2481A9D819AB350D731AE81CBA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 29db78cf8f8a1f0a22c81032a65ba71cc1120b6e5db13b236b7409d169ff67d7
                                                                                                        • Instruction ID: fab1f21eafe2c9d831e67576c7b527c6ae3aaffd3c9bf6739d31e1f370ec0a65
                                                                                                        • Opcode Fuzzy Hash: 29db78cf8f8a1f0a22c81032a65ba71cc1120b6e5db13b236b7409d169ff67d7
                                                                                                        • Instruction Fuzzy Hash: BB51F874941316DFDB66CB24CC02BE9B7B0EF01319F50C2AAE518972C1DBB49981CF94
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: faeb740b56dc381d662ed750ba1c6882a4a07e20700e5a28a185582f8ad8c5ec
                                                                                                        • Instruction ID: a12b6d205e8ab8c69f25954bdc5ba90785b9e9482def909fc6be6ab12322f3dc
                                                                                                        • Opcode Fuzzy Hash: faeb740b56dc381d662ed750ba1c6882a4a07e20700e5a28a185582f8ad8c5ec
                                                                                                        • Instruction Fuzzy Hash: D541D2B4690721EFE715EF65C852B5AB7E8EF01B88F00C829F945DB250DBB0D940CBA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                        • Instruction ID: 9cead7745c9efdd098eddaab270f46d307345ce51ed1ecba04683ce12eab4d6a
                                                                                                        • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                        • Instruction Fuzzy Hash: C041E775B10205BBEB04CF95E882AAFB7BAEF88744F56C069E805A7341DB71DE10C760
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a8a298512dd495423ba1b75d2fb73a71d2e1abff31f1ce086d94ca6861a2dc38
                                                                                                        • Instruction ID: a26fad79c2056f0418edf4d8fbc3ba33c681b4decf0a6a88ab0669e9bb32aa60
                                                                                                        • Opcode Fuzzy Hash: a8a298512dd495423ba1b75d2fb73a71d2e1abff31f1ce086d94ca6861a2dc38
                                                                                                        • Instruction Fuzzy Hash: 3E41DD79951714CFDB05DFA4C8527ADB7B0FB49758F21855AE800AB390DF74D841CBA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 018f06d01fd87569a47dc208a565dccfdf60a0b0d17aa58d5115ad1073e2abab
                                                                                                        • Instruction ID: 2f2249c072e47139382944e87b340ca4d872a9c76d1e496255dcd8297755eb4f
                                                                                                        • Opcode Fuzzy Hash: 018f06d01fd87569a47dc208a565dccfdf60a0b0d17aa58d5115ad1073e2abab
                                                                                                        • Instruction Fuzzy Hash: 1E4124B5111300DFD324DF69C882FAAB7A8EF51764F118A2EF91557290CBB4E841CBD2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                                                                        • Instruction ID: 92bdce24168aac9db439c8567e76eaf85d400616284b8dd03a585885ad81c234
                                                                                                        • Opcode Fuzzy Hash: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: bd3595b95fed9e13069133a320d96e975d12985ef69259168e005801ee0e241b
                                                                                                        • Instruction ID: 18d0198d57aac51e65fab4d2a2c3670fffcb9b8ad9f8bcddf4e9069850e52f5b
                                                                                                        • Opcode Fuzzy Hash: bd3595b95fed9e13069133a320d96e975d12985ef69259168e005801ee0e241b
                                                                                                        • Instruction Fuzzy Hash: EB31D635A0072C9FD725DA14CC43FDE77B9AB0D744F0540A5EA46A7190DAB4AE81CFD0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 92d35c98007d55bc8c747fa73b112035a58f7007421f6bb7755ff838b5b25de1
                                                                                                        • Instruction ID: af1155cd41a26ddcdf22988cfb1812d6c9fed261e060e17ca85febf9f53950ec
                                                                                                        • Opcode Fuzzy Hash: 92d35c98007d55bc8c747fa73b112035a58f7007421f6bb7755ff838b5b25de1
                                                                                                        • Instruction Fuzzy Hash: 80312DB65003108BD7159F68CC43BA977B4EF4171CF84C5A9E9899F382DE74E985CBA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ffcf1006c51c945fa3058b6136b23e5f686bc8a5a21cbd839e8bdc8a4b94abb0
                                                                                                        • Instruction ID: 4a05d17702a6812aa72ad05bcb24c3adfb65f8ad96cee9b92a559f615195b908
                                                                                                        • Opcode Fuzzy Hash: ffcf1006c51c945fa3058b6136b23e5f686bc8a5a21cbd839e8bdc8a4b94abb0
                                                                                                        • Instruction Fuzzy Hash: EA21CE765547419BCB21CF54C892B6BB7E4FF88768F018519FC48AB640DB70E901CBA2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                                                        • Instruction ID: d5e955075e655457a49d6b8e01196347868d0580aae29738cb64122b0d16b6c6
                                                                                                        • Opcode Fuzzy Hash: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                                                        • Instruction Fuzzy Hash: 96212E76A40608ABCB21CFA9D981A9EBBA5FF49358F50C075ED059B241DB70DE05CB90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 32b64fc93dbba089fba45cad39734928b95269704e6a2d29a10ba0bbf354ea94
                                                                                                        • Instruction ID: 9dec506503e649b5ceff8eee4b700cee2629dea7c5b4b93e6140b53547736a09
                                                                                                        • Opcode Fuzzy Hash: 32b64fc93dbba089fba45cad39734928b95269704e6a2d29a10ba0bbf354ea94
                                                                                                        • Instruction Fuzzy Hash: B631A079A00305EFCB08CF1CC89199EB7B5FF88704B558469E81A9B350EB31EE45CB90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                                        • Instruction ID: d8fe92b19768460644b4772e119d3019b4d2e13cbce046d1b124525e1e4bd8bc
                                                                                                        • Opcode Fuzzy Hash: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                                        • Instruction Fuzzy Hash: 15319C35600714EFE715CB68C981F5AB7F8EF48358F1484A9E416DB280DB70EE41CB90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: eda3ee85fafe0c81a42020ea12f33ba027550af3c1b00e65928d5abbfc689e9b
                                                                                                        • Instruction ID: a376bf296be3ebfe836999f4a81217f31ad5060d0f48a5e7cce56292f67fb1dc
                                                                                                        • Opcode Fuzzy Hash: eda3ee85fafe0c81a42020ea12f33ba027550af3c1b00e65928d5abbfc689e9b
                                                                                                        • Instruction Fuzzy Hash: 6121D6795517009BD310EFA4E912F1677D8EB45B5CF418819FA00AB640DF70D905CBE2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                                                        • Instruction ID: 1f89d6ff5014cc084ab7e2b37d6f6d529aa934c8d40b18e3dc931befc496c702
                                                                                                        • Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                                                        • Instruction Fuzzy Hash: 4E21CFB92213049FD719DF55C442B56BBE9FF86365F21816DE40ACB2A0EBB0EC00CB94
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 56f0ac59d0a67401336ff76b4448543def89cd80d1b53da9e2ee598e2772ed78
                                                                                                        • Instruction ID: d6a3de2a90855a3cf48680a6d65ec70c51ee521f8218f9a2b5d6539f4d16fd4e
                                                                                                        • Opcode Fuzzy Hash: 56f0ac59d0a67401336ff76b4448543def89cd80d1b53da9e2ee598e2772ed78
                                                                                                        • Instruction Fuzzy Hash: AB21AB75904629DBCF14DF58C882ABEB7F4FF08704B518469F841AB240DB78AD42DBA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2f18f26cac02dccd5f39818f2527270b71f81a7ba6bc592549e2937f8957a9b1
                                                                                                        • Instruction ID: ac7c35e4f0f6a2652c61be91630a9735cfe4cbed1184af0f6406aa85363a873f
                                                                                                        • Opcode Fuzzy Hash: 2f18f26cac02dccd5f39818f2527270b71f81a7ba6bc592549e2937f8957a9b1
                                                                                                        • Instruction Fuzzy Hash: C721D07AA01215EFEB118F59C884F4ABBB8EF45758F01C864EA049B220DB34ED42DF94
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 90e0b61ead0165a7cee4fcc27585fc57d341f6e6c97a5b2303ced81f1eed77b3
                                                                                                        • Instruction ID: 1d7e00abcc71c98eee3e4770a688040b64556d21c5ab0577552636bcd2b2a994
                                                                                                        • Opcode Fuzzy Hash: 90e0b61ead0165a7cee4fcc27585fc57d341f6e6c97a5b2303ced81f1eed77b3
                                                                                                        • Instruction Fuzzy Hash: 9F21D1766697909BF3128768CC56B5437D5AF45B78F3883A1F9209B7E2EFA8D840C210
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ec33b669f1dbc1277cc0167e62140923a3e9d65729de9b3586e18db5a236b1fc
                                                                                                        • Instruction ID: fd0e61810246c754f18568d0670bff1c50cc7309f0e4577499f18cdd092bb2c9
                                                                                                        • Opcode Fuzzy Hash: ec33b669f1dbc1277cc0167e62140923a3e9d65729de9b3586e18db5a236b1fc
                                                                                                        • Instruction Fuzzy Hash: 0A219A39690B00DFC725DF29C812B56B3F4BF49B08F248868E519CB751EB71E846CB94
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6cad9dd89a7b8ba410b5c7b81c563e6b2722171397e7d13d0bab4ba923e0ea67
                                                                                                        • Instruction ID: de2a60b533778dff978119ba7361a1ba5fd8b17e5eb6358a1911e3c9db171e2e
                                                                                                        • Opcode Fuzzy Hash: 6cad9dd89a7b8ba410b5c7b81c563e6b2722171397e7d13d0bab4ba923e0ea67
                                                                                                        • Instruction Fuzzy Hash: 3F216672151A00DFC726EF58C952F59B7F5FF08718F15896CE0069AA61CBB4E841CF84
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                                                        • Instruction ID: 2768452ba6b217bcd3cc1ac3da9b28e1c1c8e3d57294afa3cb8901104ae963d5
                                                                                                        • Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                                                        • Instruction Fuzzy Hash: 15213275215380DBE306CB99C942B8577E9EF00B88F2980A2EC048F392EB7CDC80C720
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                                                                        • Instruction ID: 3d56bb511e76d0597787295e1124dba100319c3a87ce89b1f1e686328665962f
                                                                                                        • Opcode Fuzzy Hash: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                                                                        • Instruction Fuzzy Hash: 9A11D073640614BFE7228B44D842FAA7BA9EF84759F10842AFA109B140DBB1E945C760
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f5000f51ae1ecbcb666f27757e8c5707dd3f2afa53fb84551ad927005e014b94
                                                                                                        • Instruction ID: 266adb68606a2c989516bfc698c6a34a271eb968029d30726b89745bf7a7a307
                                                                                                        • Opcode Fuzzy Hash: f5000f51ae1ecbcb666f27757e8c5707dd3f2afa53fb84551ad927005e014b94
                                                                                                        • Instruction Fuzzy Hash: C011CBB9702711DBCB06CF58D4C195A77E6AF4A759B54C0A9EF08DF304DAB2D901CB90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4e992f3533b4f44a926ba8a37968225828a87bd452d6540a6a7c90f5cf038c2b
                                                                                                        • Instruction ID: 36841e076d1c90d984a0662b3a45a97d5d3fe010f0cc74a1bf6123704c30c61e
                                                                                                        • Opcode Fuzzy Hash: 4e992f3533b4f44a926ba8a37968225828a87bd452d6540a6a7c90f5cf038c2b
                                                                                                        • Instruction Fuzzy Hash: FD21C5759022098FE702CF59C455BEEB7A4AF8831DF19C028DA52573D0CFB89985C790
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 94c2e58e7abcc9d4d9e7dcad87779091ffeed9732787bc1de76a43bc620f8ed7
                                                                                                        • Instruction ID: 6ebfe4491782aca37a71c81bcee1e9ef6dbfc532eed4c237dcff30b5e0162015
                                                                                                        • Opcode Fuzzy Hash: 94c2e58e7abcc9d4d9e7dcad87779091ffeed9732787bc1de76a43bc620f8ed7
                                                                                                        • Instruction Fuzzy Hash: 7E217975A01205DFDB05CF98D591AAEBBB5FB88719F20826DD604AB310CB72AD02CFD0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6f77d2051dd55863662d133555ec29e7ab0b434d819b9ee0ce270980b3326c46
                                                                                                        • Instruction ID: c3097f79cfc29ba9c51ec0294194efcf427eab587914e9fd11e2b8aafd6a6015
                                                                                                        • Opcode Fuzzy Hash: 6f77d2051dd55863662d133555ec29e7ab0b434d819b9ee0ce270980b3326c46
                                                                                                        • Instruction Fuzzy Hash: DF215875660B00EFD3248F68D882F66B7E8FB44758F40882DE5AAD7650DA74B850CB60
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 320b34484e5a333e93570aa5f1571de5cb06ab35720f2ed86786ab92d31250a7
                                                                                                        • Instruction ID: a96ffabfa348351dfa36f7da28c472984fd066fa9fd77fbd0ec99120b975cf92
                                                                                                        • Opcode Fuzzy Hash: 320b34484e5a333e93570aa5f1571de5cb06ab35720f2ed86786ab92d31250a7
                                                                                                        • Instruction Fuzzy Hash: 9211E6BF193740AAD3149F50DA41A62B7E8EB5AF84F114429E900E7350DA34CC82CB94
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f594c1cb0e52332278b06a7cad5f411202e473c9d60e4a80fb8f31f0a64d95c9
                                                                                                        • Instruction ID: 4bc165c75c78950568b8b4f894643213e3a574c8403bc41233164e0c52473547
                                                                                                        • Opcode Fuzzy Hash: f594c1cb0e52332278b06a7cad5f411202e473c9d60e4a80fb8f31f0a64d95c9
                                                                                                        • Instruction Fuzzy Hash: 7411047A2112009FDB19DB28DD92A6B72A6DBC57B4B39C53AE9128B290DD74DC02C2D4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: defc1a4eb9ac46d4d4866c3e9b8645cbaac7b66364e1f48b9d87729259c12254
                                                                                                        • Instruction ID: 8f746f9fcefcb1169da83622692b604d6800a967c6fe99520920a44e9c5f146f
                                                                                                        • Opcode Fuzzy Hash: defc1a4eb9ac46d4d4866c3e9b8645cbaac7b66364e1f48b9d87729259c12254
                                                                                                        • Instruction Fuzzy Hash: DB119136280620ABD322CB99DA42F4B77A8FF85765F11C065F604DB255DA70E905C790
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                                                                        • Instruction ID: 0f159a9da8d9354688cf4c3113b7f2f81d55756be5d23a980656e0070a01e514
                                                                                                        • Opcode Fuzzy Hash: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                                                                        • Instruction Fuzzy Hash: D311C436610519BFDB19CF54CC06B9DB7B5EF84314F05C269EC5597340EA71AE51CB80
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7e9ea773a15993f1f4c0a59a9d56d28b5df002812da1325c7d32b00898de2877
                                                                                                        • Instruction ID: 3647538a7eb99d47171f3fce1896d5cbb92840f41d136e169877de216430de28
                                                                                                        • Opcode Fuzzy Hash: 7e9ea773a15993f1f4c0a59a9d56d28b5df002812da1325c7d32b00898de2877
                                                                                                        • Instruction Fuzzy Hash: 86012679A553409BF319826AD896F97778DDF80398F65C062F9048B251DDA8DC00C271
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                                                                        • Instruction ID: 7c984137a27b5f665188e2d1a2bf6b389258c06c6e2042f4f2b94f49dc4b1740
                                                                                                        • Opcode Fuzzy Hash: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                                                                        • Instruction Fuzzy Hash: DF01A172A00109AB9B05CBE6D846DEF7BBDEF88758B14801ABD06C7200EA70EE01C770
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: bd75856932176e618acb67031b04b33c9634d0b92188c57a1d30a4cbdbf45678
                                                                                                        • Instruction ID: e609557f3f54e5157ffe786301882b754cdef7cadc23ee8c1ef2e3c7fc938398
                                                                                                        • Opcode Fuzzy Hash: bd75856932176e618acb67031b04b33c9634d0b92188c57a1d30a4cbdbf45678
                                                                                                        • Instruction Fuzzy Hash: 3F11ACB6640704AFE711DF69C942B5B77F8FF45388F018829E986CB210DB75E800EBA4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a895b0f5bbd655e4bb626a068f8bea169639ff1846d6682a0dc188ac967628c5
                                                                                                        • Instruction ID: cf91b44ee1b0591a51f83baffecd92791477146d407eacf9aa393d7d4ab541f4
                                                                                                        • Opcode Fuzzy Hash: a895b0f5bbd655e4bb626a068f8bea169639ff1846d6682a0dc188ac967628c5
                                                                                                        • Instruction Fuzzy Hash: C11137B8A5424ADFD744CF19D441A96BBF4FB49718F44C29AF848CB301DB35E880CBA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4d76ed521dba26d008043c4465a0c587f8e09afaa7df0cada251ea0477ec1331
                                                                                                        • Instruction ID: 1c59933870c34e070a93eaafb9e05c0874a03e19df3cbfc2dec4ade05561b3f0
                                                                                                        • Opcode Fuzzy Hash: 4d76ed521dba26d008043c4465a0c587f8e09afaa7df0cada251ea0477ec1331
                                                                                                        • Instruction Fuzzy Hash: 36019271A11208EBC714DFA9D846E9EB7B8EF44710F008056B814EB280DAB4DE01C790
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: cdf121dd119e747ddd5c604f94169006d9473b77de9172281f81f6c2bc1dda89
                                                                                                        • Instruction ID: 63814dc10b86b8410c94d5700627517c99849f10daf0603b8d299e25517ef041
                                                                                                        • Opcode Fuzzy Hash: cdf121dd119e747ddd5c604f94169006d9473b77de9172281f81f6c2bc1dda89
                                                                                                        • Instruction Fuzzy Hash: 8D017575A11348EFDB04DFA9D846E9EB7B8EF44754F008056F901EB381DAB4DA41C791
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 32764a650edeee818941413ae8101f3032c6ba0af5b49342a41e16316a1226c8
                                                                                                        • Instruction ID: f0921469bbd0b42dc4944b1413da9c7ed01b2db3309cf86f37b38bce78c93a81
                                                                                                        • Opcode Fuzzy Hash: 32764a650edeee818941413ae8101f3032c6ba0af5b49342a41e16316a1226c8
                                                                                                        • Instruction Fuzzy Hash: 1F018876714704DFCB04EB66D91395EB3B9AF81B54F41C066E906E7140DE70DD06C660
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b3609c5d8ffed6a8020ce953bc5e4a0133c5469ba57b9932b2dec16fade7b578
                                                                                                        • Instruction ID: d76626731cd7bd1706547c0c2defbd0a5db5cf6247764239bf470245fb7f1e5a
                                                                                                        • Opcode Fuzzy Hash: b3609c5d8ffed6a8020ce953bc5e4a0133c5469ba57b9932b2dec16fade7b578
                                                                                                        • Instruction Fuzzy Hash: 8E01F97F1842019BC315CF7DD612572BBE8FB5931C704C56AE409E7B14DA32E942C760
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b9168e28935c9179753a6e3ad9f1965adca5a4333483130d01ccbc8bdadda502
                                                                                                        • Instruction ID: 13eae0c6d33ec44e652e4ed2e09dc1dd7144d81f91ebca6cc37d30564ed0b9e1
                                                                                                        • Opcode Fuzzy Hash: b9168e28935c9179753a6e3ad9f1965adca5a4333483130d01ccbc8bdadda502
                                                                                                        • Instruction Fuzzy Hash: F801F771A10318EFD714DBA9D856F9FB7B8EF54704F408066F401EB280DAB4D901C790
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 1d0d886deeb94fbd0254d61d76126a0bb6f6bddbbbd8accd35bd42ccef87b5dc
                                                                                                        • Instruction ID: 4c4f2710b4c8c8d14457b574fb117f7054615c442a0abb340b181838a600df56
                                                                                                        • Opcode Fuzzy Hash: 1d0d886deeb94fbd0254d61d76126a0bb6f6bddbbbd8accd35bd42ccef87b5dc
                                                                                                        • Instruction Fuzzy Hash: C3F0F432A02A60B7D332CF56DC42F477BA9EFC4BA1F14C028BA4997240DA60DC01D7A0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                        • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                                                        • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                        • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9253acbdc85ff1df002857843d1ff86937d8febe86b6457107dc6857ff0424a3
                                                                                                        • Instruction ID: cd1d8db40eeb0ac29c5f321008e6bfc0a62f789e1b54a58370826b8f4e4b0e77
                                                                                                        • Opcode Fuzzy Hash: 9253acbdc85ff1df002857843d1ff86937d8febe86b6457107dc6857ff0424a3
                                                                                                        • Instruction Fuzzy Hash: 54118078E10259EFCB04DFA9D541AAEB7B4FF18704F14845AB914EB341EB74DA02CBA4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                                                        • Instruction ID: ac4d4c3381eb0f5dd0ffeea5fd8f73d6b9943f3adad37f112e7d855937bdb7e8
                                                                                                        • Opcode Fuzzy Hash: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                                                        • Instruction Fuzzy Hash: 0AF0C273240B329FD32226D9C842B5B66A59FDAF64F179035B50AAB640CEA29C0296D4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 93632f04d3e0ad5e83857c3196504e7a2cf5709327c13eafaa140c1f10045b19
                                                                                                        • Instruction ID: 15cd9d968b74f739280e0a2b20be0c8e2530b2750a3dbe26bc5999e45ee18fa8
                                                                                                        • Opcode Fuzzy Hash: 93632f04d3e0ad5e83857c3196504e7a2cf5709327c13eafaa140c1f10045b19
                                                                                                        • Instruction Fuzzy Hash: 12115EB0A00209DFDB04DFA9D441BADF7F4BF08300F0481AAE514EB382E674D940CB90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                        • Instruction ID: dcc58e331ee827d45d051b1e2159ae9411207e64c7acaa38d5494bc0d9662912
                                                                                                        • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                        • Instruction Fuzzy Hash: B4F0FFB2A01214AFE309CF5CCC41F6AB7ECEB45658F018079E901DB220EA71DE04CA94
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b3bcb88bf75c76f707d1aaaec30081801cbf17c2943cbbed2cde6adde03c8c7f
                                                                                                        • Instruction ID: 8b32b141f330e899198496b9862c3f2fdf81e4d5ed2e84baf68e7df4ec14a96c
                                                                                                        • Opcode Fuzzy Hash: b3bcb88bf75c76f707d1aaaec30081801cbf17c2943cbbed2cde6adde03c8c7f
                                                                                                        • Instruction Fuzzy Hash: 44010CB4E00309AFDB04DFA9D556A9EB7F4FF08744F508069B855EB341EA74DA00CBA1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                                                                        • Instruction ID: 840d502ac5c6085f7ce3273fb72d16b6f93d7d6d5475430efd1d233353e9c550
                                                                                                        • Opcode Fuzzy Hash: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                                                                        • Instruction Fuzzy Hash: 71F0E579205354DFDB0ACF11D041AD57BF4AB957A5F048094FD898B341DB71ED81C785
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                                                                        • Instruction ID: b25084396de131ce18495f62e4801c6c490cc2cdd1ba7f8035ce66ceedf6d32d
                                                                                                        • Opcode Fuzzy Hash: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                                                                        • Instruction Fuzzy Hash: 09E0E532290711ABD3210A0ADC06F12BB58EF807B5F10C129F92817590CE60EC41CAD0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                                                                        • Instruction ID: 817ac01d08dd6ad369ce7325b1d65319b731ae890cd1d6d25809f5ea51cf5431
                                                                                                        • Opcode Fuzzy Hash: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                                                                        • Instruction Fuzzy Hash: 6BE065B2220600BBEB25DB58DD52FAA73ACEB40720F604658B225920D0DEB0FE40DB60
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                                                                        • Instruction ID: 7b01e9eac4bd48067c4e0aafa08f0347808672dd8551d9edde6d799b06a19d46
                                                                                                        • Opcode Fuzzy Hash: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                                                                        • Instruction Fuzzy Hash: 30E08C32060720EEFB31AA24EC02F4177A1EF00B50F20846AF08A064A08AF49C81DA68
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                                                                        • Instruction ID: 03ac04b4f37af35030d5576d2025af80a8eea6593835f24c14b05d41d862b95e
                                                                                                        • Opcode Fuzzy Hash: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                                                                        • Instruction Fuzzy Hash: E0D0A932214A20ABD332AA2CFC11FC333E8AB88B61F124459B008CB050C7A4EC81C680
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                                        • Instruction ID: 38343e940bc162f1f47b5f2a8c62286096406092562eae20b7ed3aff29654897
                                                                                                        • Opcode Fuzzy Hash: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                                        • Instruction Fuzzy Hash: DCD022322022309BCB283B40A920F537A049B84B94F16002C380B83A00CC008C42C2E0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                                        • Instruction ID: 2c091b01b8857ba11a42eec50bf5ad525ed7862d83b159b5ef128b0905653597
                                                                                                        • Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                                        • Instruction Fuzzy Hash: E9D012371E054CBBCB119F65DC12F957BA9E794B60F548020B504875A0CA7AE950D584
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                        • Instruction ID: cbd72e4fa0606b86db54c98c10d23e4778380b75a332d8cf0fd4595f4795b572
                                                                                                        • Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                        • Instruction Fuzzy Hash: 5ED0C93A312D80CFD60ACB08C891B0533A4BB44B88FC144A0E801CB722E66CE940CA00
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                                        • Instruction ID: ac28c47c5a21ed7ca8089d2b019668670d31ef7ff22cb710d799bd78a6288468
                                                                                                        • Opcode Fuzzy Hash: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                                        • Instruction Fuzzy Hash: 80C08033150644AFC711DF94DD11F0177A9E758B00F104021F30447570C571FC10D644
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                        • Instruction ID: 7a7bee38e087ce9c7813d370dda0fe4d7a17a977d6d75b071e6723cb6d573473
                                                                                                        • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                        • Instruction Fuzzy Hash: EDD0123611024CEFCB01DF41C850D6A772AFFC8710F148019FD1D0B6119A71ED62DA50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                                                        • Instruction ID: 23264c9a086a34f74da40c4f231a1f1a27d640c823f91c02749079dc3fe7d5f0
                                                                                                        • Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                                                        • Instruction Fuzzy Hash: 91C08CB81616806AEB1B5B00C92AB283754AB40B4DFE0419CBA201D4A1CBAAD8018208
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                                        • Instruction ID: 64221bd93ef0d3ec11122f599cbe8e65f8b711a173ef6dd18017cfa03930e1d8
                                                                                                        • Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                                        • Instruction Fuzzy Hash: C7C04C397515408FDF05CB1AD285F4977E4B754B44F5544D0FC05CB721D664ED40CA11
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227588558.0000000032B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 32B20000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32b20000_FACTURA-002297.jbxd
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 96adf52e79e3d420ef072094aef01ba4f7e06de74b59f7c0018e74a955c005eb
                                                                                                        • Instruction ID: d827477232a79b17b68522f9e94c0ad286baf8a356567ad30037870d36d08e9a
                                                                                                        • Opcode Fuzzy Hash: 96adf52e79e3d420ef072094aef01ba4f7e06de74b59f7c0018e74a955c005eb
                                                                                                        • Instruction Fuzzy Hash: 11900261A01104824540B2985A06406600557E17013D1C51BA4984520CC6388859E269
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ad37cc3e7edd2d9360486e4a500b41601306c60c9663371de39879f1df4966da
                                                                                                        • Instruction ID: 7824f3a1c54e0697563e2742f5f44fad745752ccc14081428cc151dedb153f7a
                                                                                                        • Opcode Fuzzy Hash: ad37cc3e7edd2d9360486e4a500b41601306c60c9663371de39879f1df4966da
                                                                                                        • Instruction Fuzzy Hash: D7900231A0500C42D550B2985616746000547D0701F91C417A4454614DC7758A59B6A1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0fa3ccf33b440815e9a0be8c785f3dde8d0cac03453c092ccf88e04f6ea3e0ca
                                                                                                        • Instruction ID: 372fdd60e3777eccb470e8f474977c3f9a34e772134caafb3a4dfe4b16a6743e
                                                                                                        • Opcode Fuzzy Hash: 0fa3ccf33b440815e9a0be8c785f3dde8d0cac03453c092ccf88e04f6ea3e0ca
                                                                                                        • Instruction Fuzzy Hash: 0E90023160100C42D504A2985A06686000547D0701F91C417AA454615ED6758895B131
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ae93cdb72c11a55fea44437332b8ec05b17b92a2682ecea0ad98d0e8c890e718
                                                                                                        • Instruction ID: 5e6ed3c437594d5b330183b28565d58997b1b1e85cbaa0c08cfd47d534c9701c
                                                                                                        • Opcode Fuzzy Hash: ae93cdb72c11a55fea44437332b8ec05b17b92a2682ecea0ad98d0e8c890e718
                                                                                                        • Instruction Fuzzy Hash: 4E900261602004434505B2985616616400A47E0701B91C427E5444550DC5358895B125
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3365160f9dacdd4216921448f0cc98874ff2f0d442bda064c928e7f68debec75
                                                                                                        • Instruction ID: 8c6235f92e22f7c14bce9219bf7adf41635f820908b64606e906e25eddecbdf7
                                                                                                        • Opcode Fuzzy Hash: 3365160f9dacdd4216921448f0cc98874ff2f0d442bda064c928e7f68debec75
                                                                                                        • Instruction Fuzzy Hash: 73900225621004420545E698170650B044557D67513D1C41BF5846550CC6318869A321
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: daac1d65355ef2fd6012a1dd405a9ddf077cb7c136cbf1d829fbf42f10b86eb5
                                                                                                        • Instruction ID: 13d14cc49074aa19062ab2d6000aa433b07d47b4e5245118c68aa8babdef39db
                                                                                                        • Opcode Fuzzy Hash: daac1d65355ef2fd6012a1dd405a9ddf077cb7c136cbf1d829fbf42f10b86eb5
                                                                                                        • Instruction Fuzzy Hash: 3A900221A0500842D540B298661A706001547D0701F91D417A4454514DC6798A59B6A1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 96a8ae93a8c1242ebb1cf85d95f844fcab7c60647338cf2af39adc1a724ec134
                                                                                                        • Instruction ID: d236f670f78feb1795ba5d0258e6a406ea7fe05991b08a89a8afda10ed0e1e81
                                                                                                        • Opcode Fuzzy Hash: 96a8ae93a8c1242ebb1cf85d95f844fcab7c60647338cf2af39adc1a724ec134
                                                                                                        • Instruction Fuzzy Hash: 0A90023160100C82D500A2985606B46000547E0701F91C41BA4554614DC635C855B521
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 449610f5a8fdcc96935f1d6e93a661c79c5464d37c82aa03c49400b8fdee3407
                                                                                                        • Instruction ID: cb1984afeb9cd120de25156b0af4575cf5b033c8f902e0151d6794d963bfe47f
                                                                                                        • Opcode Fuzzy Hash: 449610f5a8fdcc96935f1d6e93a661c79c5464d37c82aa03c49400b8fdee3407
                                                                                                        • Instruction Fuzzy Hash: 0C90023160504C82D540B2985606A46001547D0705F91C417A4494654DD6358D59F661
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9ea0a4c416df8a05895d96fb440a078a5d45677835c38c25e5268996c1ff25ed
                                                                                                        • Instruction ID: 3a117fc95e46831333750551ae19b92132f92dae7b9eb0dd1b2f510e1a438edf
                                                                                                        • Opcode Fuzzy Hash: 9ea0a4c416df8a05895d96fb440a078a5d45677835c38c25e5268996c1ff25ed
                                                                                                        • Instruction Fuzzy Hash: CA90023160100C42D580B298560664A000547D1701FD1C41BA4455614DCA358A5DB7A1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f987365d52dfce287da102aef7a091522023cb6fcb437699a1f49e53c4a2c0a1
                                                                                                        • Instruction ID: f3af3fa7ec60d725ff5dc5c7040c2ba3f1a25aae78fca4c5c4ddb7b8f1820076
                                                                                                        • Opcode Fuzzy Hash: f987365d52dfce287da102aef7a091522023cb6fcb437699a1f49e53c4a2c0a1
                                                                                                        • Instruction Fuzzy Hash: 5290022164505542D550B29C5606616400567E0701F91C427A4C44554DC5758859B221
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b2681277535b0ed9d0be3feb70bc8500fa7189e690b65b04b1044bc08b5bf9bd
                                                                                                        • Instruction ID: 566cbd54ebf66ae83735459d0193d6c95ddbaf53d7d1ecdff7e1350871985af4
                                                                                                        • Opcode Fuzzy Hash: b2681277535b0ed9d0be3feb70bc8500fa7189e690b65b04b1044bc08b5bf9bd
                                                                                                        • Instruction Fuzzy Hash: 7A900435711004430505F7DC1707507004747D57513D1C437F5445510CD731CC75F131
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b1856f9a3bd4a03a75dafa4b1b510ded68c90af07e57cc591a1e012f0cce41eb
                                                                                                        • Instruction ID: 63f6423d89e30691e90d3d80e8461a320adfb7a3f41b4d849806a839cab7b419
                                                                                                        • Opcode Fuzzy Hash: b1856f9a3bd4a03a75dafa4b1b510ded68c90af07e57cc591a1e012f0cce41eb
                                                                                                        • Instruction Fuzzy Hash: 039002A1601144D24900E3989606B0A450547E0701B91C41BE5484520CC5358855E135
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 845a8ad76b37506dd30698935abebf34ce2e559d58f945bc5d6c19ccf96c0461
                                                                                                        • Instruction ID: 1aab0dc75ecd7524852d4dbc9ab02a5cfc304d4d145407c4c22b385f41995026
                                                                                                        • Opcode Fuzzy Hash: 845a8ad76b37506dd30698935abebf34ce2e559d58f945bc5d6c19ccf96c0461
                                                                                                        • Instruction Fuzzy Hash: 9D90023160140842D500A2985A0A747000547D0702F91C417A9594515EC675C895B531
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7e767633273612d87b0a67369be06a9b978d165a3a135e58377cd94739c157e5
                                                                                                        • Instruction ID: 1ba986e297675450fa4a363de746e2805cc56fd89a729ff364b8a384b8443685
                                                                                                        • Opcode Fuzzy Hash: 7e767633273612d87b0a67369be06a9b978d165a3a135e58377cd94739c157e5
                                                                                                        • Instruction Fuzzy Hash: A090027160100842D540B2985606746000547D0701F91C417A9494514EC6798DD9B665
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 384f77079a09942b6b170828222b4bbc16c37f79e886d8077e52904e36f220ff
                                                                                                        • Instruction ID: 2d9245fb671d6b8abd7658df10410a23960c9d0ac672b7883517ead3f844f3fc
                                                                                                        • Opcode Fuzzy Hash: 384f77079a09942b6b170828222b4bbc16c37f79e886d8077e52904e36f220ff
                                                                                                        • Instruction Fuzzy Hash: 5F900221A0100942D501B2985606616000A47D0741FD1C427A5454515ECA358996F131
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 73383a865a7fb0d180d64958c8a8053739bfb7e97410ff3f63b2d7ce3fba5a79
                                                                                                        • Instruction ID: 790cf4176241530f333fad87639f2e760adec10cd8456c03272fd7c0cafcd059
                                                                                                        • Opcode Fuzzy Hash: 73383a865a7fb0d180d64958c8a8053739bfb7e97410ff3f63b2d7ce3fba5a79
                                                                                                        • Instruction Fuzzy Hash: 6690022170100842D502A2985616606000987D1745FD1C417E5854515DC6358957F132
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                        • Instruction ID: 08406f64a5ddc198fa8d8bcb5fa2c1c6603775102837f11143643fba0e495bfc
                                                                                                        • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                        • Instruction Fuzzy Hash:

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 5 32b2de2b-32b2e017 6 32b2e019-32b2e024 5->6 6->6 7 32b2e026-32b2e041 6->7 8 32b2e047-32b2e060 7->8 9 32b2e0d4-32b2e0d8 7->9 10 32b2e068-32b2e0ca 8->10 11 32b2e0fa-32b2e0fe 9->11 12 32b2e0da-32b2e0f7 9->12 10->10 13 32b2e0cc-32b2e0cd 10->13 14 32b2e100-32b2e11e 11->14 15 32b2e121-32b2e125 11->15 12->11 13->9 14->15 16 32b2e142-32b2e15b 15->16 17 32b2e127-32b2e13f 15->17 17->16
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227588558.0000000032B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 32B20000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32b20000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                        • API String ID: 0-3558027158
                                                                                                        • Opcode ID: 407fa056566595c576a4764f57daec6c5a4f689614f0c688bf976a87ac242bb0
                                                                                                        • Instruction ID: cd0a1725d3492b70ab773d58e10c3244140de625f9a800e97a898883e628afa3
                                                                                                        • Opcode Fuzzy Hash: 407fa056566595c576a4764f57daec6c5a4f689614f0c688bf976a87ac242bb0
                                                                                                        • Instruction Fuzzy Hash: 39912CF04083988AC7158F55A0612AFFFB1EBC6305F15816DE7A6BB243C3BE89458B95

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 195 32b23bb1-32b23c85 196 32b23c88-32b23c96 195->196 196->196 197 32b23c98-32b23cb0 call 32b310a8 196->197
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227588558.0000000032B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 32B20000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32b20000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: ;%5$";&#$#;$<$#;%;$'!"$$5Rpv$5Tee$5[A5$: &"$;&#5$;'5F$=B|{$=^]A$V}gz$XY95$Xzo|$qzbf$tstg$w^|a$xp:!$ypBp$yyt:$y|~p$|: &$~z<5
                                                                                                        • API String ID: 0-2921030433
                                                                                                        • Opcode ID: 334c17b577a8355afea16a9f35ad22556fd274177893f46976d8191483d2c60d
                                                                                                        • Instruction ID: e8594da1a6fd2389a175857afbcf6eb38f6cd552b1c4ce8554581b9b2fb2132a
                                                                                                        • Opcode Fuzzy Hash: 334c17b577a8355afea16a9f35ad22556fd274177893f46976d8191483d2c60d
                                                                                                        • Instruction Fuzzy Hash: EE2164B040474DDFCB05CF84E981AEE7B74FF01354F91925DE8096F258C6B2829ACB85

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 1032 32f0a1f0-32f0a269 call 32e42330 * 2 RtlDebugPrintTimes 1038 32f0a41f-32f0a444 call 32e424d0 * 2 call 32e74b50 1032->1038 1039 32f0a26f-32f0a27a 1032->1039 1041 32f0a2a4 1039->1041 1042 32f0a27c-32f0a289 1039->1042 1043 32f0a2a8-32f0a2b4 1041->1043 1045 32f0a28b-32f0a28d 1042->1045 1046 32f0a28f-32f0a295 1042->1046 1047 32f0a2c1-32f0a2c3 1043->1047 1045->1046 1049 32f0a373-32f0a375 1046->1049 1050 32f0a29b-32f0a2a2 1046->1050 1051 32f0a2c5-32f0a2c7 1047->1051 1052 32f0a2b6-32f0a2bc 1047->1052 1053 32f0a39f-32f0a3a1 1049->1053 1050->1043 1051->1053 1055 32f0a2cc-32f0a2d0 1052->1055 1056 32f0a2be 1052->1056 1057 32f0a2d5-32f0a2fd RtlDebugPrintTimes 1053->1057 1058 32f0a3a7-32f0a3b4 1053->1058 1061 32f0a3ec-32f0a3ee 1055->1061 1056->1047 1057->1038 1070 32f0a303-32f0a320 RtlDebugPrintTimes 1057->1070 1062 32f0a3b6-32f0a3c3 1058->1062 1063 32f0a3da-32f0a3e6 1058->1063 1061->1053 1066 32f0a3c5-32f0a3c9 1062->1066 1067 32f0a3cb-32f0a3d1 1062->1067 1064 32f0a3fb-32f0a3fd 1063->1064 1068 32f0a3f0-32f0a3f6 1064->1068 1069 32f0a3ff-32f0a401 1064->1069 1066->1067 1071 32f0a3d7 1067->1071 1072 32f0a4eb-32f0a4ed 1067->1072 1074 32f0a447-32f0a44b 1068->1074 1075 32f0a3f8 1068->1075 1073 32f0a403-32f0a409 1069->1073 1070->1038 1080 32f0a326-32f0a34c RtlDebugPrintTimes 1070->1080 1071->1063 1072->1073 1077 32f0a450-32f0a474 RtlDebugPrintTimes 1073->1077 1078 32f0a40b-32f0a41d RtlDebugPrintTimes 1073->1078 1076 32f0a51f-32f0a521 1074->1076 1075->1064 1077->1038 1083 32f0a476-32f0a493 RtlDebugPrintTimes 1077->1083 1078->1038 1080->1038 1085 32f0a352-32f0a354 1080->1085 1083->1038 1092 32f0a495-32f0a4c4 RtlDebugPrintTimes 1083->1092 1086 32f0a356-32f0a363 1085->1086 1087 32f0a377-32f0a38a 1085->1087 1089 32f0a365-32f0a369 1086->1089 1090 32f0a36b-32f0a371 1086->1090 1091 32f0a397-32f0a399 1087->1091 1089->1090 1090->1049 1090->1087 1093 32f0a39b-32f0a39d 
1091->1093 1094 32f0a38c-32f0a392 1091->1094 1092->1038 1098 32f0a4ca-32f0a4cc 1092->1098 1093->1053 1095 32f0a394 1094->1095 1096 32f0a3e8-32f0a3ea 1094->1096 1095->1091 1096->1061 1099 32f0a4f2-32f0a505 1098->1099 1100 32f0a4ce-32f0a4db 1098->1100 1101 32f0a512-32f0a514 1099->1101 1102 32f0a4e3-32f0a4e9 1100->1102 1103 32f0a4dd-32f0a4e1 1100->1103 1104 32f0a516 1101->1104 1105 32f0a507-32f0a50d 1101->1105 1102->1072 1102->1099 1103->1102 1104->1069 1106 32f0a51b-32f0a51d 1105->1106 1107 32f0a50f 1105->1107 1106->1076 1107->1101
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: HEAP:
                                                                                                        • API String ID: 3446177414-2466845122
                                                                                                        • Opcode ID: 756464e373f6d71014635ece803728d4664a03ead8dd89c066f2613c0437e108
                                                                                                        • Instruction ID: a40009eadbd2ce5937a4fc32506749136722bfb2298e7969e4e82bff19920a54
                                                                                                        • Opcode Fuzzy Hash: 756464e373f6d71014635ece803728d4664a03ead8dd89c066f2613c0437e108
                                                                                                        • Instruction Fuzzy Hash: E4A1B97A7143118FD704CE28C890A1AB7E1FB88754F148A29EB45DB360EB71EC49DF91
                                                                                                        Strings
                                                                                                        • Execute=1, xrefs: 32EA451E
                                                                                                        • ExecuteOptions, xrefs: 32EA44AB
                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 32EA4507
                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 32EA4592
                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 32EA4460
                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 32EA454D
                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 32EA4530
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                        • API String ID: 0-484625025
                                                                                                        • Opcode ID: cec757cccdf1365db5a6e3174de5d0d39100834b67b4987dafdaa95c613d6960
                                                                                                        • Instruction ID: 42574f14ae5b0c78d77a039f445e319e48c338f3bb03beaf3c598f1b308dd7cc
                                                                                                        • Opcode Fuzzy Hash: cec757cccdf1365db5a6e3174de5d0d39100834b67b4987dafdaa95c613d6960
                                                                                                        • Instruction Fuzzy Hash: CD514A75A40319AAEF149AA4DC97FBD73A8EF0434CF4084E9E905AB181EF709A41DF91
                                                                                                        Strings
                                                                                                        • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32E977E2
                                                                                                        • Actx , xrefs: 32E97819, 32E97880
                                                                                                        • SsHd, xrefs: 32E4A304
                                                                                                        • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32E97807
                                                                                                        • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 32E978F3
                                                                                                        • RtlpFindActivationContextSection_CheckParameters, xrefs: 32E977DD, 32E97802
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                                        • API String ID: 0-1988757188
                                                                                                        • Opcode ID: dd3859f5f206656bf6a847f9cf57fbb5c61c59360b9c47dc807a6d0e1396f8c8
                                                                                                        • Instruction ID: c5fc93575ab97bdf1244e10519846774ac96082b07c7fea239da2a64bb0d5a6b
                                                                                                        • Opcode Fuzzy Hash: dd3859f5f206656bf6a847f9cf57fbb5c61c59360b9c47dc807a6d0e1396f8c8
                                                                                                        • Instruction Fuzzy Hash: B4E1C0B46043018FE714CE64D8A775A77E5BB8436CF508A2EEC658B390DF35D849CB91
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32E99153
                                                                                                        • GsHd, xrefs: 32E4D794
                                                                                                        • Actx , xrefs: 32E99315
                                                                                                        • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32E99178
                                                                                                        • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 32E99372
                                                                                                        • RtlpFindActivationContextSection_CheckParameters, xrefs: 32E9914E, 32E99173
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                                        • API String ID: 3446177414-2196497285
                                                                                                        • Opcode ID: 74316571a63dcff931dfa9960df421a28077bafa1bf6d0716cf4941b5d65b8f0
                                                                                                        • Instruction ID: 3881583114087ff1529113fab569ca2d762f77957a93de64d98746c63ec26716
                                                                                                        • Opcode Fuzzy Hash: 74316571a63dcff931dfa9960df421a28077bafa1bf6d0716cf4941b5d65b8f0
                                                                                                        • Instruction Fuzzy Hash: 1AE1E074608341CFE704CF55D882B5AB7E4BF8875CF418A6EE9958B281DF74E844CB92
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                                        • API String ID: 3446177414-4227709934
                                                                                                        • Opcode ID: 529923b83f628d55f72c8c3cbeb244dfe3d5ccc7464f4f9b7cbc8c8fb02855aa
                                                                                                        • Instruction ID: a8b020f62c48e41bc37fc1d1f892201069c67c87d10c42fccb611513a1ceeeb6
                                                                                                        • Opcode Fuzzy Hash: 529923b83f628d55f72c8c3cbeb244dfe3d5ccc7464f4f9b7cbc8c8fb02855aa
                                                                                                        • Instruction Fuzzy Hash: F34160B9901209ABDF01CF95C8A2ADEBBB5FF48758F118029EC05BB350D7729941CB90
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: $$@$@wvv
                                                                                                        • API String ID: 3446177414-308019571
                                                                                                        • Opcode ID: c169e202189a28cf57fa3a1e7bc79934e7236bfd0ce9594a1ad9bccad4396304
                                                                                                        • Instruction ID: f05222128c0015e2f96bda782766191c0496b28a0ad4773de89d2bcec5fcafd9
                                                                                                        • Opcode Fuzzy Hash: c169e202189a28cf57fa3a1e7bc79934e7236bfd0ce9594a1ad9bccad4396304
                                                                                                        • Instruction Fuzzy Hash: B7815275D012699BDB65CF54CC42BDEB7B8AF09714F0081DAEA19B7240DB709E85CFA0
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                                        • API String ID: 3446177414-3492000579
                                                                                                        • Opcode ID: c8c42eab0d6799bbfa27039ca0851f8c10441280231f753db3b14c9543d94e87
                                                                                                        • Instruction ID: 03683ac3ac15b15e5cc2ca60b45a99bbd35b10ade10d3ee332de17fc37dc9c65
                                                                                                        • Opcode Fuzzy Hash: c8c42eab0d6799bbfa27039ca0851f8c10441280231f753db3b14c9543d94e87
                                                                                                        • Instruction Fuzzy Hash: 2F710E759117849FDB05DFA8C0A26ADFBF2FF49308F04C05AE849AB251CB709982CF80
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • LdrpLoadShimEngine, xrefs: 32E8984A, 32E8988B
                                                                                                        • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 32E89885
                                                                                                        • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 32E89843
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 32E89854, 32E89895
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 3446177414-3589223738
                                                                                                        • Opcode ID: 4c8ec3a9c80f4dc9e64a5659ffea3cef29289cf214b22d1ebe9cb95d1fd2f370
                                                                                                        • Instruction ID: 304dbf8fbc11df9e435ba27ebba9d3103e7ba01276ad1b253fbc5f1f1151c18e
                                                                                                        • Opcode Fuzzy Hash: 4c8ec3a9c80f4dc9e64a5659ffea3cef29289cf214b22d1ebe9cb95d1fd2f370
                                                                                                        • Instruction Fuzzy Hash: 23515679A113589FEB04DBA8CC56B9CB7A5FB41B08F058A25F946BF295CBB09C41C780
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                                        • API String ID: 3446177414-3224558752
                                                                                                        • Opcode ID: d29ab971bdb0a6170d07f59c32b5d8ada1e8f2a93655d1ec277b152e306d7b9c
                                                                                                        • Instruction ID: 6b6957d63eb99920155b73e2849eca0b3853b77d32324107e8b083d872e4a616
                                                                                                        • Opcode Fuzzy Hash: d29ab971bdb0a6170d07f59c32b5d8ada1e8f2a93655d1ec277b152e306d7b9c
                                                                                                        • Instruction Fuzzy Hash: 55414874624700DFEB11DF64C447B8AB3A4FF42368F24C5A9F81597282CB78E981CB91
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • Entry Heap Size , xrefs: 32EDEDED
                                                                                                        • ---------------------------------------, xrefs: 32EDEDF9
                                                                                                        • HEAP: , xrefs: 32EDECDD
                                                                                                        • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 32EDEDE3
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                                                        • API String ID: 3446177414-1102453626
                                                                                                        • Opcode ID: e7b4103358f7c8125defaaa86b4a96d3ad8bbe016667418c5f1f41af9c19fe52
                                                                                                        • Instruction ID: 1a7b69d07c8736cdd217be548e17a5b32ea71bcfb47205408865dff3d583fef4
                                                                                                        • Opcode Fuzzy Hash: e7b4103358f7c8125defaaa86b4a96d3ad8bbe016667418c5f1f41af9c19fe52
                                                                                                        • Instruction Fuzzy Hash: 13418D39A11719DFC704DF24C489A59BBB5FF4A75872AC8A9E805AB210CB71EC43CBD0
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                                        • API String ID: 3446177414-1222099010
                                                                                                        • Opcode ID: a889e71aa7a4ed4418a1ba86ba75a526b665a632f998babd94e41b6d0a4a1ae0
                                                                                                        • Instruction ID: 78eb6691987ebca5677296465bbaeeea6bb2a944a1705b5c824ffab200b91ca5
                                                                                                        • Opcode Fuzzy Hash: a889e71aa7a4ed4418a1ba86ba75a526b665a632f998babd94e41b6d0a4a1ae0
                                                                                                        • Instruction Fuzzy Hash: AE315675121B84EFE722DB64C41BF8977E4EF01758F04C48AF842676A1CBB9E981CB51
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • Querying the active activation context failed with status 0x%08lx, xrefs: 32EA3466
                                                                                                        • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 32EA3439
                                                                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 32EA344A, 32EA3476
                                                                                                        • LdrpFindDllActivationContext, xrefs: 32EA3440, 32EA346C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                        • API String ID: 3446177414-3779518884
                                                                                                        • Opcode ID: e5decf5553e6f80f3a8c92f7605ce9d9e65237d6d50f32898284a13c4ed550af
                                                                                                        • Instruction ID: 5606f2a605173ea31dd8cb929916f9b90adc6c56c51593af8afac3365f2df789
                                                                                                        • Opcode Fuzzy Hash: e5decf5553e6f80f3a8c92f7605ce9d9e65237d6d50f32898284a13c4ed550af
                                                                                                        • Instruction Fuzzy Hash: 0D31E3ABA81751ABFB319B04C847BF5B7A6AB4179CF46C166EC006B350DB609DC0C6E1
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227588558.0000000032B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 32B20000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32b20000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: HYDH$LPU_$UQ][$U_]H$]HUS$]JUZ$]LLP
                                                                                                        • API String ID: 0-1800400536
                                                                                                        • Opcode ID: 64279eaad89b32bd996c2e165d779f1ddae72a478ecf51e9cce80b56bab29252
                                                                                                        • Instruction ID: a532ca3402a77b772fe19b5f31b7d5b1c82f0fe6765904adb3b890c1273f31fa
                                                                                                        • Opcode Fuzzy Hash: 64279eaad89b32bd996c2e165d779f1ddae72a478ecf51e9cce80b56bab29252
                                                                                                        • Instruction Fuzzy Hash: 8541D7B0514348DFEB019F14C044BCEBBB0FB05B18F81552DE86AAB240DBB68259CB86
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                        • API String ID: 3446177414-3610490719
                                                                                                        • Opcode ID: ae50c2485bb9a914438c0c8c4319bbb187d3277755414ea0241b90153867caf6
                                                                                                        • Instruction ID: fbda1e8616e4fc15e99502192e74c123e7bc53ba4381842af0ad39a0086fd806
                                                                                                        • Opcode Fuzzy Hash: ae50c2485bb9a914438c0c8c4319bbb187d3277755414ea0241b90153867caf6
                                                                                                        • Instruction Fuzzy Hash: C3912675214740AFE719EF64C842B2AB7A5FF44B48F04C559F886AB281DF74E841CBD2
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • Failed to allocated memory for shimmed module list, xrefs: 32E99F1C
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 32E99F2E
                                                                                                        • LdrpCheckModule, xrefs: 32E99F24
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 3446177414-161242083
                                                                                                        • Opcode ID: 557768902541487255b2ccb2ba4579f9b96b357daad490fba9b5c95320cfcac2
                                                                                                        • Instruction ID: c383c6f9f2aec18dd87e05f2bf37954b53992df56857b52f3e7193e3a31b560a
                                                                                                        • Opcode Fuzzy Hash: 557768902541487255b2ccb2ba4579f9b96b357daad490fba9b5c95320cfcac2
                                                                                                        • Instruction Fuzzy Hash: D771C479A107059FEB04DF68C992BAEB7F4EF48708F258469E901A7250E774ED82CB50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a334acebf3a6805150211e44af3f77b7bbfe49a7c047196201b164fd5d6945a4
                                                                                                        • Instruction ID: 3bf5f9422ebb7ce7484baf2a38a42261955c08e1554732217d5f24d1e811017c
                                                                                                        • Opcode Fuzzy Hash: a334acebf3a6805150211e44af3f77b7bbfe49a7c047196201b164fd5d6945a4
                                                                                                        • Instruction Fuzzy Hash: 08E1FF74D20708CFDB25CFA9D981A8DBBF5FF49318F24852AE945A7261DB70A841CF60
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID:
                                                                                                        • API String ID: 3446177414-0
                                                                                                        • Opcode ID: 71ab76a284a61af47455d7122122bfad6269a5b03282b94d99f15edf87523c6a
                                                                                                        • Instruction ID: e30f4a8da81f18ef61bee7173fc69b99341b6260a187280fbd7d5f277621c3c9
                                                                                                        • Opcode Fuzzy Hash: 71ab76a284a61af47455d7122122bfad6269a5b03282b94d99f15edf87523c6a
                                                                                                        • Instruction Fuzzy Hash: CC517D79714616DFFB08CE18C890A19B7E1BB8D754B108A6DDB06D7710DB71AC49EF80
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 4281723722-0
                                                                                                        • Opcode ID: 9c934a391e7aa8b6e0535bbc986574e846f4eddda4e640183497da564a2ee237
                                                                                                        • Instruction ID: c13e90c4e9aadedb1b4199a2c01cb00ee01ec27f7d5889286aecceb0b1d88270
                                                                                                        • Opcode Fuzzy Hash: 9c934a391e7aa8b6e0535bbc986574e846f4eddda4e640183497da564a2ee237
                                                                                                        • Instruction Fuzzy Hash: 7731327AE51268DFDF04DFA8D856A9DBBF0EB48720F11852AF911BB280CB305941CF90
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @
                                                                                                        • API String ID: 0-2766056989
                                                                                                        • Opcode ID: af2a40464991756e1214c236b4bad12731cfac6979f5e50c547508d439afdecc
                                                                                                        • Instruction ID: 9f9aeb8a5cddf036df952d5ce17d51e72524994287c23354fc3cd06a6cb1e675
                                                                                                        • Opcode Fuzzy Hash: af2a40464991756e1214c236b4bad12731cfac6979f5e50c547508d439afdecc
                                                                                                        • Instruction Fuzzy Hash: 49325974D01329DFEB26CF64C846BD9BBB0BF09309F4080EAD659A7240DBB55A84DF90
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: HEAP: ${2
                                                                                                        • API String ID: 0-1818709123
                                                                                                        • Opcode ID: a7f7b7d58584edb517fbe1ad4f5a91501cb357fd6b7de7f43780f9da6f54bdb4
                                                                                                        • Instruction ID: e8f7b1e1bcfd066208f51379010c29fd14c21b50ef3a18ff454156fd88686cd8
                                                                                                        • Opcode Fuzzy Hash: a7f7b7d58584edb517fbe1ad4f5a91501cb357fd6b7de7f43780f9da6f54bdb4
                                                                                                        • Instruction Fuzzy Hash: 9CB1A0716093059FD720CF29D882B5BB7E5FF84758F508A6EF9948B2A0DB30D806CB52
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0$Flst
                                                                                                        • API String ID: 0-758220159
                                                                                                        • Opcode ID: 032fafeba0f9cad7768c99e7b227e584afb632ccf43e64f83c5342b494090d4f
                                                                                                        • Instruction ID: 8947a3ea2da815800aad7e9ff71216c1b8f4842002ab4f50237654bdc521d543
                                                                                                        • Opcode Fuzzy Hash: 032fafeba0f9cad7768c99e7b227e584afb632ccf43e64f83c5342b494090d4f
                                                                                                        • Instruction Fuzzy Hash: 0C51ADB6A417488FEB24CF94C4967A9FBF5EF8475CF14C02AD8499B240EB709985CB90
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: ^2
                                                                                                        • API String ID: 3446177414-168815696
                                                                                                        • Opcode ID: 4468832df6347a2e96cefd05d2de200a2bae101e47c0fc6e439ce816d7d39699
                                                                                                        • Instruction ID: d75044ef7ac7c9fe333ccb49139b7301153ab77638cf5e2d38a5de3e154fda75
                                                                                                        • Opcode Fuzzy Hash: 4468832df6347a2e96cefd05d2de200a2bae101e47c0fc6e439ce816d7d39699
                                                                                                        • Instruction Fuzzy Hash: 23419EB9A00321DFD705DF29C486655BBE5FF99714B14C06AEC09CB361CB70E881CBA0
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: 0$0
                                                                                                        • API String ID: 3446177414-203156872
                                                                                                        • Opcode ID: 5e85c414c44bfd2d63a2a2a384aaad5a1362feecfab0a92a11a9f3c165b00073
                                                                                                        • Instruction ID: 19ab8bc13fe6dc290d8f4b7dade4e79f1a34de1a8a2c54e7cf8dd3ccd4cfaddb
                                                                                                        • Opcode Fuzzy Hash: 5e85c414c44bfd2d63a2a2a384aaad5a1362feecfab0a92a11a9f3c165b00073
                                                                                                        • Instruction Fuzzy Hash: 5E417CB56087459FE300CF69C445A5ABBE4BF89758F048A2EF989DB300D771EA05CB86
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.13227773451.0000000032E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 32E00000, based on PE: true
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000001.00000002.13227773451.0000000032F2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_32e00000_FACTURA-002297.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugPrintTimes
                                                                                                        • String ID: 2$m2
                                                                                                        • API String ID: 3446177414-2299901076
                                                                                                        • Opcode ID: cf37935be64b2390f491f940027a5e85e5ca93db8e59d2cde4b3e661b3a5aac3
                                                                                                        • Instruction ID: a6e0ea11b4e8954cbbe6d1d80ad9db502414594f4d47ee812db7ff382f39daad
                                                                                                        • Opcode Fuzzy Hash: cf37935be64b2390f491f940027a5e85e5ca93db8e59d2cde4b3e661b3a5aac3
                                                                                                        • Instruction Fuzzy Hash: A211F6B5A11218AFDF10CF98D881ADEBBB4FF4C360F10401AF911B3240D771A954CBA0

                                                                                                        Execution Graph

                                                                                                        Execution Coverage:2.1%
                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                        Signature Coverage:0%
                                                                                                        Total number of Nodes:19
                                                                                                        Total number of Limit Nodes:0
                                                                                                        execution_graph 4051 3e0ebd0 4054 3e0ebe5 4051->4054 4052 3e0ec65 SleepEx 4053 3e0ecb5 NtCreateSection 4052->4053 4052->4054 4055 3e0ec92 4053->4055 4054->4052 4054->4055 4036 3e12f37 4037 3e12f3c 4036->4037 4038 3e13044 4037->4038 4040 3e0edd3 4037->4040 4043 3e0edf9 4040->4043 4041 3e0ee18 4041->4038 4042 3e0ee27 SleepEx 4042->4043 4045 3e0ee5b 4042->4045 4043->4041 4043->4042 4044 3e0ee94 NtResumeThread 4044->4041 4045->4041 4045->4044 4046 3e0ec3b 4049 3e0ec4a 4046->4049 4047 3e0ec65 SleepEx 4048 3e0ecb5 NtCreateSection 4047->4048 4047->4049 4050 3e0ec92 4048->4050 4049->4047 4049->4050

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 0 3e0ebd0-3e0ebe3 1 3e0ebe5 0->1 2 3e0ec4b-3e0ec5d 0->2 3 3e0ebe7-3e0ec12 1->3 4 3e0ec5e-3e0ec63 1->4 2->4 3->2 6 3e0ec65-3e0ec71 SleepEx 4->6 7 3e0ec73-3e0ec77 6->7 8 3e0ecb5-3e0ed0a NtCreateSection 6->8 9 3e0ec79-3e0ec86 call 3e1bec3 7->9 10 3e0ec8b-3e0ec90 7->10 11 3e0ec92-3e0ec99 8->11 12 3e0ed0c-3e0ed25 8->12 9->10 10->6 10->11 14 3e0ec9b-3e0ecb4 11->14 12->11 16 3e0ed2b-3e0ed6a 12->16 16->11 18 3e0ed70-3e0edae 16->18 18->11 20 3e0edb4-3e0edcc 18->20 20->14
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.17473393474.0000000003B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B50000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_3b50000_RAVCpl64.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateSectionSleep
                                                                                                        • String ID: 0$@$@
                                                                                                        • API String ID: 2866269021-3221051908
                                                                                                        • Opcode ID: ecc48c8b9e49aba649bdce03b80a7305576d51156abe5fa8b438fd95c911a9c4
                                                                                                        • Instruction ID: 870ef44d262daa7eb230ed2cb91c40b45f2c4cae1a310bfcbb3c66f719aad2b2
                                                                                                        • Opcode Fuzzy Hash: ecc48c8b9e49aba649bdce03b80a7305576d51156abe5fa8b438fd95c911a9c4
                                                                                                        • Instruction Fuzzy Hash: 1051CF71918B488FC719CF18D8852DEBBF4FF88710F10062EE88A97291DB35D581CB86

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.17473393474.0000000003B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B50000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_3b50000_RAVCpl64.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ResumeSleepThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 1530989685-0
                                                                                                        • Opcode ID: 5fec67864056c09bc9aaa3d34206ce9274a471ec975c8b0fa745e485cfda6ffb
                                                                                                        • Instruction ID: 42bda3073d4666fdab61e7f7649cfcb8cea8bb7d26db7d8e2a58a56f2bccd44c
                                                                                                        • Opcode Fuzzy Hash: 5fec67864056c09bc9aaa3d34206ce9274a471ec975c8b0fa745e485cfda6ffb
                                                                                                        • Instruction Fuzzy Hash: 6F216074518B4E8FDB58DF78944576AB7D1FB98314F101B3ED8AAC3291EB70D4828741

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 41 3e0ec3b-3e0ec63 43 3e0ec65-3e0ec71 SleepEx 41->43 44 3e0ec73-3e0ec77 43->44 45 3e0ecb5-3e0ed0a NtCreateSection 43->45 46 3e0ec79-3e0ec86 call 3e1bec3 44->46 47 3e0ec8b-3e0ec90 44->47 48 3e0ec92-3e0ec99 45->48 49 3e0ed0c-3e0ed25 45->49 46->47 47->43 47->48 51 3e0ec9b-3e0ecb4 48->51 49->48 53 3e0ed2b-3e0ed6a 49->53 53->48 55 3e0ed70-3e0edae 53->55 55->48 57 3e0edb4-3e0edcc 55->57 57->51
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.17473393474.0000000003B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B50000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_3b50000_RAVCpl64.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateSectionSleep
                                                                                                        • String ID:
                                                                                                        • API String ID: 2866269021-0
                                                                                                        • Opcode ID: e256ba99ca2e8df73d4bef9c632c67323f3053b72e425abc3965123d84c068dd
                                                                                                        • Instruction ID: deb921ab99568312b5685877722295fb60a14f606613ead24775adb70a0eacf2
                                                                                                        • Opcode Fuzzy Hash: e256ba99ca2e8df73d4bef9c632c67323f3053b72e425abc3965123d84c068dd
                                                                                                        • Instruction Fuzzy Hash: 7F012B3260AB888FC71ECF44A8811F977A2FF82270F141B6AC895572D1C736944286C6

                                                                                                        Execution Graph

                                                                                                        Execution Coverage:0.5%
                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                        Signature Coverage:0%
                                                                                                        Total number of Nodes:9
                                                                                                        Total number of Limit Nodes:1
                                                                                                        execution_graph 67963 2d729f0 LdrInitializeThunk 67966 2b6eeba 67967 2b6eeed 67966->67967 67968 2b6f057 NtQueryInformationProcess 67967->67968 67969 2b6f091 67967->67969 67968->67969 67976 2d72b20 67978 2d72b2a 67976->67978 67979 2d72b31 67978->67979 67980 2d72b3f LdrInitializeThunk 67978->67980

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 0 2b6eeba-2b6eeeb 1 2b6eeed-2b6ef04 call 2b710d8 0->1 2 2b6ef09-2b6ef28 call 2b710f8 call 2b6cec8 0->2 1->2 8 2b6f4e6-2b6f4f1 2->8 9 2b6ef2e-2b6f02e call 2b6edf8 call 2b710f8 call 2b75064 call 2b60398 call 2b706b8 call 2b60398 call 2b706b8 call 2b72dc8 2->9 26 2b6f034-2b6f08c call 2b60398 call 2b706b8 NtQueryInformationProcess call 2b710f8 9->26 27 2b6f4da-2b6f4e1 call 2b6edf8 9->27 34 2b6f091-2b6f0c2 call 2b60398 call 2b706b8 26->34 27->8 39 2b6f0d6-2b6f14c call 2b75072 call 2b60398 call 2b706b8 34->39 40 2b6f0c4-2b6f0d1 34->40 39->40 49 2b6f152-2b6f164 call 2b7509c 39->49 40->27 52 2b6f166-2b6f1af call 2b71de8 49->52 53 2b6f1b4-2b6f1f4 call 2b60398 call 2b706b8 call 2b73728 49->53 52->27 63 2b6f1f6-2b6f20e 53->63 64 2b6f213-2b6f303 call 2b60398 call 2b706b8 call 2b750aa call 2b60398 call 2b706b8 call 2b730e8 call 2b710a8 * 3 call 2b7509c 53->64 63->27 87 2b6f305-2b6f32e call 2b7509c call 2b710a8 call 2b750fe call 2b750b8 64->87 88 2b6f330-2b6f345 call 2b7509c 64->88 99 2b6f385-2b6f38f 87->99 94 2b6f347-2b6f369 call 2b72898 88->94 95 2b6f36e-2b6f380 call 2b71d28 88->95 94->95 95->99 101 2b6f457-2b6f4ba call 2b60398 call 2b706b8 call 2b73a48 99->101 102 2b6f395-2b6f3df call 2b60398 call 2b706b8 call 2b73408 call 2b7509c 99->102 101->27 127 2b6f4bc-2b6f4d5 call 2b710d8 101->127 121 2b6f414-2b6f41b 102->121 122 2b6f3e1-2b6f40a call 2b75148 call 2b750fe 102->122 124 2b6f427-2b6f432 121->124 125 2b6f41d-2b6f425 call 2b7509c 121->125 122->121 124->101 129 2b6f434-2b6f452 call 2b73d68 124->129 125->101 125->124 127->27 129->101
                                                                                                        APIs
                                                                                                        • NtQueryInformationProcess.NTDLL ref: 02B6F076
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.14765249842.0000000002B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_2b60000_SecEdit.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InformationProcessQuery
                                                                                                        • String ID: 0
                                                                                                        • API String ID: 1778838933-4108050209
                                                                                                        • Opcode ID: e350af2d25e8185498569a65e6cab54bc3c57a624a3b141a1f85aac9bd0ff6c1
                                                                                                        • Instruction ID: b5e5fdeb99681a3c9c18851d98638bcc8c058a3ba851fb24e1083e2aa00e4c26
                                                                                                        • Opcode Fuzzy Hash: e350af2d25e8185498569a65e6cab54bc3c57a624a3b141a1f85aac9bd0ff6c1
                                                                                                        • Instruction Fuzzy Hash: 1C024870518A8C8FDBA5EF68D894AEE77E2FB98300F10466AD85EC7640DF34D245CB81

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 152 2d734e0-2d734ec LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D00000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_2d00000_SecEdit.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 9a44e4e09f3f30269a48324fbc893102794eb4a062a850c572ff9cabf41d2391
                                                                                                        • Instruction ID: d77208f6dd03fad2ce49c45c3056bc45a6d8fbbe34bb17e18a6646a3483761a4
                                                                                                        • Opcode Fuzzy Hash: 9a44e4e09f3f30269a48324fbc893102794eb4a062a850c572ff9cabf41d2391
                                                                                                        • Instruction Fuzzy Hash: 4B90023160510842D5007258561470B101587D0201FA1C815A0418578DC7A58D5176A2

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 141 2d72a80-2d72a8c LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D00000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_2d00000_SecEdit.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: e436e5346545b8d34371a17c37f074e064e8bef421f5045e350a26fe62ae27a3
                                                                                                        • Instruction ID: 700db886227f15ef946bf01d13d7a10aed38de5f4dd32c740be8aa1dc120889c
                                                                                                        • Opcode Fuzzy Hash: e436e5346545b8d34371a17c37f074e064e8bef421f5045e350a26fe62ae27a3
                                                                                                        • Instruction Fuzzy Hash: CA9002612020044345057258551461B401A87E0201B91C425E10085B0DC5358C917225

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 146 2d72bc0-2d72bcc LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D00000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_2d00000_SecEdit.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: f3590f139919b3d7cf7428c6684d96a85dceec387fa6a2fab7904428ecfab996
                                                                                                        • Instruction ID: 13c8db2b51a412fb665627b8930d279dcf3298f7debf634e529aae651a790194
                                                                                                        • Opcode Fuzzy Hash: f3590f139919b3d7cf7428c6684d96a85dceec387fa6a2fab7904428ecfab996
                                                                                                        • Instruction Fuzzy Hash: 1290023120100842D5007698650864B001587E0301F91D415A5018575EC6758C917231

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 145 2d72b90-2d72b9c LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D00000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_2d00000_SecEdit.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: b64a5c6e56020630bfd7c9520a3f1ee33413b875b74fd707256ac6ea21155d40
                                                                                                        • Instruction ID: f873dea98eadf6a20f235cd2754b1d3cf7a381c3a1af3740446a9074c6fcc68c
                                                                                                        • Opcode Fuzzy Hash: b64a5c6e56020630bfd7c9520a3f1ee33413b875b74fd707256ac6ea21155d40
                                                                                                        • Instruction Fuzzy Hash: E790023120108C42D5107258950474F001587D0301F95C815A4418678DC6A58C917221

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 144 2d72b80-2d72b8c LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D00000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_2d00000_SecEdit.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 7e802f0b5b199034bab8c75910dbb02bfca38ae73be4db97610d6bedefe59f18
                                                                                                        • Instruction ID: 579a6360a834ba44d9c3b1f567c4a628b5621ab98ad130c350fa48efbf86f2ec
                                                                                                        • Opcode Fuzzy Hash: 7e802f0b5b199034bab8c75910dbb02bfca38ae73be4db97610d6bedefe59f18
                                                                                                        • Instruction Fuzzy Hash: 5590023120100C82D50072585504B4B001587E0301F91C41AA0118674DC625CC517621

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 143 2d72b10-2d72b1c LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D00000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_2d00000_SecEdit.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 0d0b484667497acc312130ea89fd95ac50c5f1496534064161a2ee95021bedc6
                                                                                                        • Instruction ID: 966065f411f9f2a0c2689d9516514ebbb1de06ef2421ff67b6a3d94a3e815ace
                                                                                                        • Opcode Fuzzy Hash: 0d0b484667497acc312130ea89fd95ac50c5f1496534064161a2ee95021bedc6
                                                                                                        • Instruction Fuzzy Hash: 6890023120100C42D5807258550464F001587D1301FD1C419A0019674DCA258E5977A1

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 142 2d72b00-2d72b0c LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D00000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_2d00000_SecEdit.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 09c1b23ddd656e86f47062a209f85bb5aa11e004bac2bcff866b0b31471a8e6d
                                                                                                        • Instruction ID: 29533e3d620e78c3949d9b69c6340629c5d759fec7a65f1e3a89f6c650e0666d
                                                                                                        • Opcode Fuzzy Hash: 09c1b23ddd656e86f47062a209f85bb5aa11e004bac2bcff866b0b31471a8e6d
                                                                                                        • Instruction Fuzzy Hash: 5090023120504C82D54072585504A4B002587D0305F91C415A00586B4DD6358D55B761

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 140 2d729f0-2d729fc LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D00000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_2d00000_SecEdit.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: f531f09bfd3dfb8c7eae498d3559369fd76e9065fa028a3013ed782d4c9a1e66
                                                                                                        • Instruction ID: a766b00c4d1c589d71b01118943e13e4eb7394034b16dda797e47ee75f07cb75
                                                                                                        • Opcode Fuzzy Hash: f531f09bfd3dfb8c7eae498d3559369fd76e9065fa028a3013ed782d4c9a1e66
                                                                                                        • Instruction Fuzzy Hash: 95900225211004430505B658170450B005687D5351391C425F1009570CD6318C617221

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 150 2d72e50-2d72e5c LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D00000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_2d00000_SecEdit.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 151 2d72f00-2d72f0c LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D00000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_2d00000_SecEdit.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 148 2d72cf0-2d72cfc LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D00000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_2d00000_SecEdit.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 147 2d72c30-2d72c3c LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D00000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_2d00000_SecEdit.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 149 2d72d10-2d72d1c LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D00000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_2d00000_SecEdit.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 136 2d72b2a-2d72b2f 137 2d72b31-2d72b38 136->137 138 2d72b3f-2d72b46 LdrInitializeThunk 136->138
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D00000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_2d00000_SecEdit.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.14764294363.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_400000_SecEdit.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Strings
                                                                                                        • ExecuteOptions, xrefs: 02DA44AB
                                                                                                        • Execute=1, xrefs: 02DA451E
                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02DA4507
                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02DA4460
                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 02DA454D
                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 02DA4592
                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02DA4530
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D00000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_2d00000_SecEdit.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                        • API String ID: 0-484625025
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.14765387311.0000000002D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D00000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E29000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000003.00000002.14765387311.0000000002E2D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_2d00000_SecEdit.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $$@$@wvv
                                                                                                        • API String ID: 0-308019571