Windows Analysis Report
rTransferenciarealizada451236.exe

Overview

General Information

Sample name: rTransferenciarealizada451236.exe
Analysis ID: 1545014
MD5: 12f32dc32a25a48db3aca40758745e80
SHA1: 41f2c89b8c83b279633c641d1e266a3a2487294d
SHA256: 8085c17ea9441ff19ee1d021408ce2b159bdf4d53704a9afd180e76033c74415
Tags: exe, user-Porcupine
Infos:

Detection

GuLoader
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected GuLoader
AI detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
PE / OLE file has an invalid certificate
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.2677672856.0000000003B5D000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
    No Sigma rule has matched
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2024-10-30T01:03:43.603082+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 56106 | 142.250.186.142 | 443 | TCP

    AV Detection

    Source: rTransferenciarealizada451236.exe | Avira: detected
    Source: rTransferenciarealizada451236.exe | ReversingLabs: Detection: 15%
    Source: rTransferenciarealizada451236.exe | Virustotal: Detection: 32%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
    Source: rTransferenciarealizada451236.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 142.250.186.142:443 -> 192.168.2.4:56106 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:56116 version: TLS 1.2
    Source: rTransferenciarealizada451236.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: Binary string: mshtml.pdb source: rTransferenciarealizada451236.exe, 00000005.00000001.2676520137.0000000000649000.00000008.00000001.01000000.00000007.sdmp
    Source: Binary string: wntdll.pdbUGP source: rTransferenciarealizada451236.exe, 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2918854405.0000000033913000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2916882802.0000000033769000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wntdll.pdb source: rTransferenciarealizada451236.exe, rTransferenciarealizada451236.exe, 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2918854405.0000000033913000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2916882802.0000000033769000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mshtml.pdbUGP source: rTransferenciarealizada451236.exe, 00000005.00000001.2676520137.0000000000649000.00000008.00000001.01000000.00000007.sdmp
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe | Code function: 0_2_00406232 FindFirstFileA,FindClose, 0_2_00406232
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe | Code function: 0_2_004056F7 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_004056F7
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe | Code function: 0_2_004026F8 FindFirstFileA, 0_2_004026F8
    Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:56106 -> 142.250.186.142:443
    Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=1nMPhNN-2GjI3FUIqU_EPUgHeeK8mihQO HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 | Host: drive.google.com | Cache-Control: no-cache
    Source: global traffic | HTTP traffic detected: GET /download?id=1nMPhNN-2GjI3FUIqU_EPUgHeeK8mihQO&export=download HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic | DNS traffic detected: DNS query: drive.google.com
    Source: global traffic | DNS traffic detected: DNS query: drive.usercontent.google.com
    Source: rTransferenciarealizada451236.exe | String found in binary or memory: http://nsis.sf.net/NSIS_Error
    Source: rTransferenciarealizada451236.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
    Source: rTransferenciarealizada451236.exe, 00000005.00000001.2676520137.0000000000649000.00000008.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.ftp.ftp://ftp.gopher.
    Source: rTransferenciarealizada451236.exe, 00000005.00000001.2676520137.00000000005F2000.00000008.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
    Source: rTransferenciarealizada451236.exe, 00000005.00000001.2676520137.00000000005F2000.00000008.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
    Source: rTransferenciarealizada451236.exe, 00000005.00000003.2725645535.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2725724585.0000000003A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
    Source: rTransferenciarealizada451236.exe, 00000005.00000002.4155197056.0000000003A18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
    Source: rTransferenciarealizada451236.exe, 00000005.00000002.4155197056.0000000003A55000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000002.4155460060.0000000003B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1nMPhNN-2GjI3FUIqU_EPUgHeeK8mihQO
    Source: rTransferenciarealizada451236.exe, 00000005.00000002.4155197056.0000000003A18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1nMPhNN-2GjI3FUIqU_EPUgHeeK8mihQO8D
    Source: rTransferenciarealizada451236.exe, 00000005.00000002.4155197056.0000000003A18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1nMPhNN-2GjI3FUIqU_EPUgHeeK8mihQONDs
    Source: rTransferenciarealizada451236.exe, 00000005.00000002.4155197056.0000000003A18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1nMPhNN-2GjI3FUIqU_EPUgHeeK8mihQOdD
    Source: rTransferenciarealizada451236.exe, 00000005.00000003.2917130489.0000000003A7F000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2917338648.0000000003A88000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2763596938.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000002.4155375280.0000000003A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
    Source: rTransferenciarealizada451236.exe, 00000005.00000003.2917130489.0000000003A7F000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2917338648.0000000003A88000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2763596938.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000002.4155375280.0000000003A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/d
    Source: rTransferenciarealizada451236.exe, 00000005.00000003.2917130489.0000000003A7F000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2725645535.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2725724585.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2917365230.0000000003A6F000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000002.4155268080.0000000003A6F000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2917338648.0000000003A88000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2763596938.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000002.4155375280.0000000003A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1nMPhNN-2GjI3FUIqU_EPUgHeeK8mihQO&export=download
    Source: rTransferenciarealizada451236.exe, 00000005.00000003.2917130489.0000000003A7F000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2917338648.0000000003A88000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2763596938.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000002.4155375280.0000000003A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1nMPhNN-2GjI3FUIqU_EPUgHeeK8mihQO&export=download.c
    Source: rTransferenciarealizada451236.exe, 00000005.00000003.2917130489.0000000003A7F000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2917338648.0000000003A88000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2763596938.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000002.4155375280.0000000003A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1nMPhNN-2GjI3FUIqU_EPUgHeeK8mihQO&export=download1A
    Source: rTransferenciarealizada451236.exe, 00000005.00000001.2676520137.0000000000649000.00000008.00000001.01000000.00000007.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
    Source: rTransferenciarealizada451236.exe, 00000005.00000003.2725645535.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2725724585.0000000003A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
    Source: rTransferenciarealizada451236.exe, 00000005.00000003.2725645535.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2725724585.0000000003A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
    Source: rTransferenciarealizada451236.exe, 00000005.00000003.2725645535.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2725724585.0000000003A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: rTransferenciarealizada451236.exe, 00000005.00000003.2725645535.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2725724585.0000000003A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
    Source: rTransferenciarealizada451236.exe, 00000005.00000003.2725645535.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2725724585.0000000003A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
    Source: unknownNetwork traffic detected: HTTP traffic on port 56116 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56116
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56106
    Source: unknownNetwork traffic detected: HTTP traffic on port 56106 -> 443
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 0_2_00405194 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405194
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeProcess Stats: CPU usage > 49%
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_33B32DF0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B33090 NtSetValueKey,5_2_33B33090
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B33010 NtOpenDirectoryObject,5_2_33B33010
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B335C0 NtCreateMutant,5_2_33B335C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B339B0 NtGetContextThread,5_2_33B339B0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B33D10 NtOpenProcessToken,5_2_33B33D10
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B33D70 NtOpenThread,5_2_33B33D70
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B34340 NtSetContextThread,5_2_33B34340
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B34650 NtSuspendThread,5_2_33B34650
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32BA0 NtEnumerateValueKey,5_2_33B32BA0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32B80 NtQueryInformationFile,5_2_33B32B80
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32BF0 NtAllocateVirtualMemory,5_2_33B32BF0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32BE0 NtQueryValueKey,5_2_33B32BE0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32B60 NtClose,5_2_33B32B60
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32AB0 NtWaitForSingleObject,5_2_33B32AB0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32AF0 NtWriteFile,5_2_33B32AF0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32AD0 NtReadFile,5_2_33B32AD0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32FB0 NtResumeThread,5_2_33B32FB0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32FA0 NtQuerySection,5_2_33B32FA0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32F90 NtProtectVirtualMemory,5_2_33B32F90
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32FE0 NtCreateFile,5_2_33B32FE0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32F30 NtCreateSection,5_2_33B32F30
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32F60 NtCreateProcessEx,5_2_33B32F60
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32EA0 NtAdjustPrivilegesToken,5_2_33B32EA0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32E80 NtReadVirtualMemory,5_2_33B32E80
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32EE0 NtQueueApcThread,5_2_33B32EE0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32E30 NtWriteVirtualMemory,5_2_33B32E30
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32DB0 NtEnumerateKey,5_2_33B32DB0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32DD0 NtDelayExecution,5_2_33B32DD0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32D30 NtUnmapViewOfSection,5_2_33B32D30
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32D10 NtMapViewOfSection,5_2_33B32D10
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32D00 NtSetInformationFile,5_2_33B32D00
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32CA0 NtQueryInformationToken,5_2_33B32CA0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32CF0 NtOpenProcess,5_2_33B32CF0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32CC0 NtQueryVirtualMemory,5_2_33B32CC0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32C00 NtQueryInformationProcess,5_2_33B32C00
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32C70 NtFreeVirtualMemory,5_2_33B32C70
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B32C60 NtCreateKey,5_2_33B32C60
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 0_2_004031BB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004031BB
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe | File created: C:\Windows\resources\nringsmiddelet.ini
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe | File created: C:\Windows\terzetters
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe | File created: C:\Windows\Fonts\karrooers.ini
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: String function: 33B6EA12 appears 86 times
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: String function: 33B35130 appears 58 times
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: String function: 33B7F290 appears 105 times
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: String function: 33AEB970 appears 262 times
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: String function: 33B47E54 appears 100 times
    Source: rTransferenciarealizada451236.exe, Static PE information: invalid certificate
    Source: rTransferenciarealizada451236.exe, 00000005.00000003.2916882802.000000003388C000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs rTransferenciarealizada451236.exe
    Source: rTransferenciarealizada451236.exe, 00000005.00000002.4182804414.0000000033D91000.00000040.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs rTransferenciarealizada451236.exe
    Source: rTransferenciarealizada451236.exe, 00000005.00000003.2918854405.0000000033A40000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs rTransferenciarealizada451236.exe
    Source: rTransferenciarealizada451236.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: classification engine, Classification label: mal76.troj.evad.winEXE@3/12@2/2
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Code function: 0_2_004031BB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_004031BB
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Code function: 0_2_00404460 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, 0_2_00404460
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Code function: 0_2_004020CB CoCreateInstance,MultiByteToWideChar, 0_2_004020CB
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, File created: C:\Users\user\entomostraca
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, File created: C:\Users\user\AppData\Local\Temp\nsv8C3F.tmp
    Source: rTransferenciarealizada451236.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, File read: C:\Users\desktop.ini
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: rTransferenciarealizada451236.exe, ReversingLabs: Detection: 15%
    Source: rTransferenciarealizada451236.exe, Virustotal: Detection: 32%
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, File read: C:\Users\user\Desktop\rTransferenciarealizada451236.exe
    Source: unknown, Process created: C:\Users\user\Desktop\rTransferenciarealizada451236.exe "C:\Users\user\Desktop\rTransferenciarealizada451236.exe"
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Process created: C:\Users\user\Desktop\rTransferenciarealizada451236.exe "C:\Users\user\Desktop\rTransferenciarealizada451236.exe"
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: propsys.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: dwmapi.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: oleacc.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: version.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: shfolder.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: profapi.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: iertutil.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: powrprof.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: winhttp.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: wkscli.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: netutils.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: umpdc.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: winnsi.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: urlmon.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: srvcli.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: schannel.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: mskeyprotect.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: ntasn1.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: msasn1.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: dpapi.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: cryptsp.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: rsaenh.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: gpapi.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: ncrypt.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Section loaded: ncryptsslp.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, File written: C:\Windows\Resources\nringsmiddelet.ini
    Source: rTransferenciarealizada451236.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: Binary string: mshtml.pdb source: rTransferenciarealizada451236.exe, 00000005.00000001.2676520137.0000000000649000.00000008.00000001.01000000.00000007.sdmp
    Source: Binary string: wntdll.pdbUGP source: rTransferenciarealizada451236.exe, 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2918854405.0000000033913000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2916882802.0000000033769000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wntdll.pdb source: rTransferenciarealizada451236.exe, rTransferenciarealizada451236.exe, 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2918854405.0000000033913000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2916882802.0000000033769000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mshtml.pdbUGP source: rTransferenciarealizada451236.exe, 00000005.00000001.2676520137.0000000000649000.00000008.00000001.01000000.00000007.sdmp

    Data Obfuscation

    Source: Yara match, File source: 00000000.00000002.2677672856.0000000003B5D000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 0_2_10001A5D
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Code function: 0_2_10002D20 push eax; ret 0_2_10002D4E
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Code function: 5_2_33AF09AD push ecx; mov dword ptr [esp], ecx 5_2_33AF09B6
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, File created: C:\Users\user\AppData\Local\Temp\nso93F1.tmp\System.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, API/Special instruction interceptor: Address: 41CD978
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, API/Special instruction interceptor: Address: 27DD978
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, RDTSC instruction interceptor: First address: 41A8A8A second address: 41A8A8A instructions: 0x00000000 rdtsc 0x00000002 test bh, dh 0x00000004 cmp ebx, ecx 0x00000006 jc 00007EFE284F73F8h 0x00000008 inc ebp 0x00000009 inc ebx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, RDTSC instruction interceptor: First address: 27B8A8A second address: 27B8A8A instructions: 0x00000000 rdtsc 0x00000002 test bh, dh 0x00000004 cmp ebx, ecx 0x00000006 jc 00007EFE293475A8h 0x00000008 inc ebp 0x00000009 inc ebx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Code function: 5_2_33B6D1C0 rdtsc 5_2_33B6D1C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nso93F1.tmp\System.dll
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, API coverage: 0.1 %
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Code function: 0_2_00406232 FindFirstFileA,FindClose, 0_2_00406232
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Code function: 0_2_004056F7 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_004056F7
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Code function: 0_2_004026F8 FindFirstFileA, 0_2_004026F8
    Source: rTransferenciarealizada451236.exe, 00000005.00000003.2917189084.0000000003A77000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000002.4155197056.0000000003A18000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000002.4155268080.0000000003A77000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, API call chain: ExitProcess graph end node graph_0-4586
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, API call chain: ExitProcess graph end node graph_0-4590
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Code function: 5_2_33B6D1C0 rdtsc 5_2_33B6D1C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Code function: 0_2_00402D48 GetTempPathA,GetTickCount,GetModuleFileNameA,LdrInitializeThunk,GetFileSize,GlobalAlloc,SetFilePointer, 0_2_00402D48
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe, Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 0_2_10001A5D
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF172 mov eax, dword ptr fs:[00000030h]5_2_33AEF172
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF172 mov eax, dword ptr fs:[00000030h]5_2_33AEF172
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF172 mov eax, dword ptr fs:[00000030h]5_2_33AEF172
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF172 mov eax, dword ptr fs:[00000030h]5_2_33AEF172
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF172 mov eax, dword ptr fs:[00000030h]5_2_33AEF172
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF172 mov eax, dword ptr fs:[00000030h]5_2_33AEF172
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF172 mov eax, dword ptr fs:[00000030h]5_2_33AEF172
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF172 mov eax, dword ptr fs:[00000030h]5_2_33AEF172
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF172 mov eax, dword ptr fs:[00000030h]5_2_33AEF172
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF172 mov eax, dword ptr fs:[00000030h]5_2_33AEF172
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF172 mov eax, dword ptr fs:[00000030h]5_2_33AEF172
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF172 mov eax, dword ptr fs:[00000030h]5_2_33AEF172
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF172 mov eax, dword ptr fs:[00000030h]5_2_33AEF172
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF172 mov eax, dword ptr fs:[00000030h]5_2_33AEF172
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF172 mov eax, dword ptr fs:[00000030h]5_2_33AEF172
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF172 mov eax, dword ptr fs:[00000030h]5_2_33AEF172
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF172 mov eax, dword ptr fs:[00000030h]5_2_33AEF172
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AE9148 mov eax, dword ptr fs:[00000030h]5_2_33AE9148
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AE9148 mov eax, dword ptr fs:[00000030h]5_2_33AE9148
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AE9148 mov eax, dword ptr fs:[00000030h]5_2_33AE9148
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AE9148 mov eax, dword ptr fs:[00000030h]5_2_33AE9148
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BC5152 mov eax, dword ptr fs:[00000030h]5_2_33BC5152
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B83140 mov eax, dword ptr fs:[00000030h]5_2_33B83140
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B83140 mov eax, dword ptr fs:[00000030h]5_2_33B83140
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B83140 mov eax, dword ptr fs:[00000030h]5_2_33B83140
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AF7152 mov eax, dword ptr fs:[00000030h]5_2_33AF7152
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B1D090 mov eax, dword ptr fs:[00000030h]5_2_33B1D090
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B1D090 mov eax, dword ptr fs:[00000030h]5_2_33B1D090
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AED08D mov eax, dword ptr fs:[00000030h]5_2_33AED08D
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B2909C mov eax, dword ptr fs:[00000030h]5_2_33B2909C
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B7D080 mov eax, dword ptr fs:[00000030h]5_2_33B7D080
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B7D080 mov eax, dword ptr fs:[00000030h]5_2_33B7D080
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AF5096 mov eax, dword ptr fs:[00000030h]5_2_33AF5096
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B150E4 mov eax, dword ptr fs:[00000030h]5_2_33B150E4
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B150E4 mov ecx, dword ptr fs:[00000030h]5_2_33B150E4
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BC50D9 mov eax, dword ptr fs:[00000030h]5_2_33BC50D9
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B190DB mov eax, dword ptr fs:[00000030h]5_2_33B190DB
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B070C0 mov eax, dword ptr fs:[00000030h]5_2_33B070C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B070C0 mov ecx, dword ptr fs:[00000030h]5_2_33B070C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B070C0 mov ecx, dword ptr fs:[00000030h]5_2_33B070C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B070C0 mov eax, dword ptr fs:[00000030h]5_2_33B070C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B070C0 mov ecx, dword ptr fs:[00000030h]5_2_33B070C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B070C0 mov ecx, dword ptr fs:[00000030h]5_2_33B070C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B070C0 mov eax, dword ptr fs:[00000030h]5_2_33B070C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B070C0 mov eax, dword ptr fs:[00000030h]5_2_33B070C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B070C0 mov eax, dword ptr fs:[00000030h]5_2_33B070C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B070C0 mov eax, dword ptr fs:[00000030h]5_2_33B070C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B070C0 mov eax, dword ptr fs:[00000030h]5_2_33B070C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B070C0 mov eax, dword ptr fs:[00000030h]5_2_33B070C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B070C0 mov eax, dword ptr fs:[00000030h]5_2_33B070C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B070C0 mov eax, dword ptr fs:[00000030h]5_2_33B070C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B070C0 mov eax, dword ptr fs:[00000030h]5_2_33B070C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B070C0 mov eax, dword ptr fs:[00000030h]5_2_33B070C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B070C0 mov eax, dword ptr fs:[00000030h]5_2_33B070C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B070C0 mov eax, dword ptr fs:[00000030h]5_2_33B070C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B6D0C0 mov eax, dword ptr fs:[00000030h]5_2_33B6D0C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B6D0C0 mov eax, dword ptr fs:[00000030h]5_2_33B6D0C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BB903E mov eax, dword ptr fs:[00000030h]5_2_33BB903E
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BB903E mov eax, dword ptr fs:[00000030h]5_2_33BB903E
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BB903E mov eax, dword ptr fs:[00000030h]5_2_33BB903E
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BB903E mov eax, dword ptr fs:[00000030h]5_2_33BB903E
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B01070 mov eax, dword ptr fs:[00000030h]5_2_33B01070
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B01070 mov ecx, dword ptr fs:[00000030h]5_2_33B01070
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B01070 mov eax, dword ptr fs:[00000030h]5_2_33B01070
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B01070 mov eax, dword ptr fs:[00000030h]5_2_33B01070
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B01070 mov eax, dword ptr fs:[00000030h]5_2_33B01070
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B01070 mov eax, dword ptr fs:[00000030h]5_2_33B01070
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B01070 mov eax, dword ptr fs:[00000030h]5_2_33B01070
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B01070 mov eax, dword ptr fs:[00000030h]5_2_33B01070
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B01070 mov eax, dword ptr fs:[00000030h]5_2_33B01070
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B01070 mov eax, dword ptr fs:[00000030h]5_2_33B01070
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B01070 mov eax, dword ptr fs:[00000030h]5_2_33B01070
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B01070 mov eax, dword ptr fs:[00000030h]5_2_33B01070
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B01070 mov eax, dword ptr fs:[00000030h]5_2_33B01070
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B6D070 mov ecx, dword ptr fs:[00000030h]5_2_33B6D070
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B7106E mov eax, dword ptr fs:[00000030h]5_2_33B7106E
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BC5060 mov eax, dword ptr fs:[00000030h]5_2_33BC5060
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B1B052 mov eax, dword ptr fs:[00000030h]5_2_33B1B052
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B9705E mov ebx, dword ptr fs:[00000030h]5_2_33B9705E
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B9705E mov eax, dword ptr fs:[00000030h]5_2_33B9705E
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B1D7B0 mov eax, dword ptr fs:[00000030h]5_2_33B1D7B0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BC37B6 mov eax, dword ptr fs:[00000030h]5_2_33BC37B6
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BAD7B0 mov eax, dword ptr fs:[00000030h]5_2_33BAD7B0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BAD7B0 mov eax, dword ptr fs:[00000030h]5_2_33BAD7B0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF7BA mov eax, dword ptr fs:[00000030h]5_2_33AEF7BA
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF7BA mov eax, dword ptr fs:[00000030h]5_2_33AEF7BA
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF7BA mov eax, dword ptr fs:[00000030h]5_2_33AEF7BA
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF7BA mov eax, dword ptr fs:[00000030h]5_2_33AEF7BA
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF7BA mov eax, dword ptr fs:[00000030h]5_2_33AEF7BA
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF7BA mov eax, dword ptr fs:[00000030h]5_2_33AEF7BA
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF7BA mov eax, dword ptr fs:[00000030h]5_2_33AEF7BA
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF7BA mov eax, dword ptr fs:[00000030h]5_2_33AEF7BA
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF7BA mov eax, dword ptr fs:[00000030h]5_2_33AEF7BA
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B7F7AF mov eax, dword ptr fs:[00000030h]5_2_33B7F7AF
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B7F7AF mov eax, dword ptr fs:[00000030h]5_2_33B7F7AF
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B7F7AF mov eax, dword ptr fs:[00000030h]5_2_33B7F7AF
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B7F7AF mov eax, dword ptr fs:[00000030h]5_2_33B7F7AF
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B7F7AF mov eax, dword ptr fs:[00000030h]5_2_33B7F7AF
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B797A9 mov eax, dword ptr fs:[00000030h]5_2_33B797A9
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BAF78A mov eax, dword ptr fs:[00000030h]5_2_33BAF78A
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AFD7E0 mov ecx, dword ptr fs:[00000030h]5_2_33AFD7E0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AF57C0 mov eax, dword ptr fs:[00000030h]5_2_33AF57C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AF57C0 mov eax, dword ptr fs:[00000030h]5_2_33AF57C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AF57C0 mov eax, dword ptr fs:[00000030h]5_2_33AF57C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BCB73C mov eax, dword ptr fs:[00000030h]5_2_33BCB73C
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BCB73C mov eax, dword ptr fs:[00000030h]5_2_33BCB73C
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BCB73C mov eax, dword ptr fs:[00000030h]5_2_33BCB73C
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BCB73C mov eax, dword ptr fs:[00000030h]5_2_33BCB73C
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B25734 mov eax, dword ptr fs:[00000030h]5_2_33B25734
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AF3720 mov eax, dword ptr fs:[00000030h]5_2_33AF3720
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B0F720 mov eax, dword ptr fs:[00000030h]5_2_33B0F720
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B0F720 mov eax, dword ptr fs:[00000030h]5_2_33B0F720
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B0F720 mov eax, dword ptr fs:[00000030h]5_2_33B0F720
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BB972B mov eax, dword ptr fs:[00000030h]5_2_33BB972B
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BAF72E mov eax, dword ptr fs:[00000030h]5_2_33BAF72E
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AF973A mov eax, dword ptr fs:[00000030h]5_2_33AF973A
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AF973A mov eax, dword ptr fs:[00000030h]5_2_33AF973A
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AE9730 mov eax, dword ptr fs:[00000030h]5_2_33AE9730
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AE9730 mov eax, dword ptr fs:[00000030h]5_2_33AE9730
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AF7703 mov eax, dword ptr fs:[00000030h]5_2_33AF7703
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AF5702 mov eax, dword ptr fs:[00000030h]5_2_33AF5702
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AF5702 mov eax, dword ptr fs:[00000030h]5_2_33AF5702
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B2F71F mov eax, dword ptr fs:[00000030h]5_2_33B2F71F
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B2F71F mov eax, dword ptr fs:[00000030h]5_2_33B2F71F
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEB765 mov eax, dword ptr fs:[00000030h]5_2_33AEB765
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEB765 mov eax, dword ptr fs:[00000030h]5_2_33AEB765
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEB765 mov eax, dword ptr fs:[00000030h]5_2_33AEB765
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEB765 mov eax, dword ptr fs:[00000030h]5_2_33AEB765
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B9375F mov eax, dword ptr fs:[00000030h]5_2_33B9375F
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B9375F mov eax, dword ptr fs:[00000030h]5_2_33B9375F
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B9375F mov eax, dword ptr fs:[00000030h]5_2_33B9375F
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B9375F mov eax, dword ptr fs:[00000030h]5_2_33B9375F
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B9375F mov eax, dword ptr fs:[00000030h]5_2_33B9375F
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B03740 mov eax, dword ptr fs:[00000030h]5_2_33B03740
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B03740 mov eax, dword ptr fs:[00000030h]5_2_33B03740
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B03740 mov eax, dword ptr fs:[00000030h]5_2_33B03740
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BC3749 mov eax, dword ptr fs:[00000030h]5_2_33BC3749
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AED6AA mov eax, dword ptr fs:[00000030h]5_2_33AED6AA
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AED6AA mov eax, dword ptr fs:[00000030h]5_2_33AED6AA
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AE76B2 mov eax, dword ptr fs:[00000030h]5_2_33AE76B2
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AE76B2 mov eax, dword ptr fs:[00000030h]5_2_33AE76B2
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AE76B2 mov eax, dword ptr fs:[00000030h]5_2_33AE76B2
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B7368C mov eax, dword ptr fs:[00000030h]5_2_33B7368C
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B7368C mov eax, dword ptr fs:[00000030h]5_2_33B7368C
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B7368C mov eax, dword ptr fs:[00000030h]5_2_33B7368C
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B7368C mov eax, dword ptr fs:[00000030h]5_2_33B7368C
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BAD6F0 mov eax, dword ptr fs:[00000030h]5_2_33BAD6F0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B1D6E0 mov eax, dword ptr fs:[00000030h]5_2_33B1D6E0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B1D6E0 mov eax, dword ptr fs:[00000030h]5_2_33B1D6E0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B836EE mov eax, dword ptr fs:[00000030h]5_2_33B836EE
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B836EE mov eax, dword ptr fs:[00000030h]5_2_33B836EE
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B836EE mov eax, dword ptr fs:[00000030h]5_2_33B836EE
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B836EE mov eax, dword ptr fs:[00000030h]5_2_33B836EE
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B836EE mov eax, dword ptr fs:[00000030h]5_2_33B836EE
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B836EE mov eax, dword ptr fs:[00000030h]5_2_33B836EE
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AFB6C0 mov eax, dword ptr fs:[00000030h]5_2_33AFB6C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AFB6C0 mov eax, dword ptr fs:[00000030h]5_2_33AFB6C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AFB6C0 mov eax, dword ptr fs:[00000030h]5_2_33AFB6C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AFB6C0 mov eax, dword ptr fs:[00000030h]5_2_33AFB6C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AFB6C0 mov eax, dword ptr fs:[00000030h]5_2_33AFB6C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AFB6C0 mov eax, dword ptr fs:[00000030h]5_2_33AFB6C0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BB16CC mov eax, dword ptr fs:[00000030h]5_2_33BB16CC
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BB16CC mov eax, dword ptr fs:[00000030h]5_2_33BB16CC
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BB16CC mov eax, dword ptr fs:[00000030h]5_2_33BB16CC
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BB16CC mov eax, dword ptr fs:[00000030h]5_2_33BB16CC
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BAF6C7 mov eax, dword ptr fs:[00000030h]5_2_33BAF6C7
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B216CF mov eax, dword ptr fs:[00000030h]5_2_33B216CF
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF626 mov eax, dword ptr fs:[00000030h]5_2_33AEF626
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF626 mov eax, dword ptr fs:[00000030h]5_2_33AEF626
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF626 mov eax, dword ptr fs:[00000030h]5_2_33AEF626
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF626 mov eax, dword ptr fs:[00000030h]5_2_33AEF626
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF626 mov eax, dword ptr fs:[00000030h]5_2_33AEF626
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF626 mov eax, dword ptr fs:[00000030h]5_2_33AEF626
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF626 mov eax, dword ptr fs:[00000030h]5_2_33AEF626
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF626 mov eax, dword ptr fs:[00000030h]5_2_33AEF626
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AEF626 mov eax, dword ptr fs:[00000030h]5_2_33AEF626
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33BC5636 mov eax, dword ptr fs:[00000030h]5_2_33BC5636
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B2F603 mov eax, dword ptr fs:[00000030h]5_2_33B2F603
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B21607 mov eax, dword ptr fs:[00000030h]5_2_33B21607
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AF3616 mov eax, dword ptr fs:[00000030h]5_2_33AF3616
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33AF3616 mov eax, dword ptr fs:[00000030h]5_2_33AF3616
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B29660 mov eax, dword ptr fs:[00000030h]5_2_33B29660
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B29660 mov eax, dword ptr fs:[00000030h]5_2_33B29660
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B8D660 mov eax, dword ptr fs:[00000030h]5_2_33B8D660
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B1F5B0 mov eax, dword ptr fs:[00000030h]5_2_33B1F5B0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B1F5B0 mov eax, dword ptr fs:[00000030h]5_2_33B1F5B0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B1F5B0 mov eax, dword ptr fs:[00000030h]5_2_33B1F5B0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B1F5B0 mov eax, dword ptr fs:[00000030h]5_2_33B1F5B0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B1F5B0 mov eax, dword ptr fs:[00000030h]5_2_33B1F5B0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B1F5B0 mov eax, dword ptr fs:[00000030h]5_2_33B1F5B0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B1F5B0 mov eax, dword ptr fs:[00000030h]5_2_33B1F5B0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B1F5B0 mov eax, dword ptr fs:[00000030h]5_2_33B1F5B0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B1F5B0 mov eax, dword ptr fs:[00000030h]5_2_33B1F5B0
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B835BA mov eax, dword ptr fs:[00000030h]5_2_33B835BA
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B835BA mov eax, dword ptr fs:[00000030h]5_2_33B835BA
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B835BA mov eax, dword ptr fs:[00000030h]5_2_33B835BA
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exeCode function: 5_2_33B835BA mov eax, dword ptr fs:[00000030h]5_2_33B835BA
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe Process created: C:\Users\user\Desktop\rTransferenciarealizada451236.exe "C:\Users\user\Desktop\rTransferenciarealizada451236.exe"
    Source: C:\Users\user\Desktop\rTransferenciarealizada451236.exe Code function: 0_2_004031BB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
    Native API
    1
    DLL Side-Loading
    1
    Access Token Manipulation
    11
    Masquerading
    OS Credential Dumping211
    Security Software Discovery
    Remote Services1
    Archive Collected Data
    11
    Encrypted Channel
    Exfiltration Over Other Network Medium1
    System Shutdown/Reboot
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts11
    Process Injection
    1
    Access Token Manipulation
    LSASS Memory3
    File and Directory Discovery
    Remote Desktop Protocol1
    Clipboard Data
    1
    Ingress Tool Transfer
    Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
    DLL Side-Loading
    11
    Process Injection
    Security Account Manager23
    System Information Discovery
    SMB/Windows Admin SharesData from Network Shared Drive2
    Non-Application Layer Protocol
    Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
    Deobfuscate/Decode Files or Information
    NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture13
    Application Layer Protocol
    Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
    Obfuscated Files or Information
    LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading
    Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
    Source | Detection | Scanner | Label | Link
    rTransferenciarealizada451236.exe | 16% | ReversingLabs | Win32.Backdoor.FormBook |
    rTransferenciarealizada451236.exe | 32% | Virustotal | | Browse
    rTransferenciarealizada451236.exe | 100% | Avira | HEUR/AGEN.1361137 |

    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Local\Temp\nso93F1.tmp\System.dll | 0% | ReversingLabs | |

    No Antivirus matches

    Source | Detection | Scanner | Label | Link
    drive.google.com | 0% | Virustotal | | Browse
    drive.usercontent.google.com | 1% | Virustotal | | Browse

    Source | Detection | Scanner | Label | Link
    http://nsis.sf.net/NSIS_Error | 0% | URL Reputation | safe |
    https://apis.google.com | 0% | URL Reputation | safe |
    http://nsis.sf.net/NSIS_ErrorError | 0% | URL Reputation | safe |
    https://www.google.com | 0% | Virustotal | | Browse
    http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd | 0% | Virustotal | | Browse

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    drive.google.com | 142.250.186.142 | true | false | | unknown
    drive.usercontent.google.com | 142.250.185.193 | true | false | | unknown

    Name | Source | Malicious | Antivirus Detection | Reputation
    http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd | rTransferenciarealizada451236.exe, 00000005.00000001.2676520137.00000000005F2000.00000008.00000001.01000000.00000007.sdmp | false | | unknown
    https://www.google.com | rTransferenciarealizada451236.exe, 00000005.00000003.2725645535.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2725724585.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    http://www.ftp.ftp://ftp.gopher. | rTransferenciarealizada451236.exe, 00000005.00000001.2676520137.0000000000649000.00000008.00000001.01000000.00000007.sdmp | false | | unknown
    https://drive.usercontent.google.com/ | rTransferenciarealizada451236.exe, 00000005.00000003.2917130489.0000000003A7F000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2917338648.0000000003A88000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2763596938.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000002.4155375280.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd | rTransferenciarealizada451236.exe, 00000005.00000001.2676520137.00000000005F2000.00000008.00000001.01000000.00000007.sdmp | false | | unknown
    http://nsis.sf.net/NSIS_Error | rTransferenciarealizada451236.exe | false | URL Reputation: safe | unknown
    https://apis.google.com | rTransferenciarealizada451236.exe, 00000005.00000003.2725645535.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2725724585.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    http://nsis.sf.net/NSIS_ErrorError | rTransferenciarealizada451236.exe | false | URL Reputation: safe | unknown
    https://drive.google.com/ | rTransferenciarealizada451236.exe, 00000005.00000002.4155197056.0000000003A18000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    https://drive.usercontent.google.com/d | rTransferenciarealizada451236.exe, 00000005.00000003.2917130489.0000000003A7F000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2917338648.0000000003A88000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000003.2763596938.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp, rTransferenciarealizada451236.exe, 00000005.00000002.4155375280.0000000003A8B000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | rTransferenciarealizada451236.exe, 00000005.00000001.2676520137.0000000000649000.00000008.00000001.01000000.00000007.sdmp | false | | unknown

    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
    142.250.185.193 | drive.usercontent.google.com | United States | | 15169 | GOOGLEUS | false
    142.250.186.142 | drive.google.com | United States | | 15169 | GOOGLEUS | false

    Joe Sandbox version: 41.0.0 Charoite
    Analysis ID: 1545014
    Start date and time: 2024-10-30 01:01:06 +01:00
    Joe Sandbox product: CloudBasic
    Overall analysis duration: 0h 8m 29s
    Hypervisor based Inspection enabled: false
    Report type: full
    Cookbook file name: default.jbs
    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed: 6
    Number of new started drivers analysed: 0
    Number of existing processes analysed: 0
    Number of existing drivers analysed: 0
    Number of injected processes analysed: 0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode: default
    Analysis stop reason: Timeout
    Sample name: rTransferenciarealizada451236.exe
    Detection: MAL
    Classification: mal76.troj.evad.winEXE@3/12@2/2
    EGA Information:
    • Successful, ratio: 100%
    HCA Information:
    • Successful, ratio: 88%
    • Number of executed functions: 54
    • Number of non-executed functions: 294
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Override analysis time to 240000 for current running targets taking high CPU consumption
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
    • Excluded domains from analysis (whitelisted): d.8.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
    • Not all processes where analyzed, report is missing behavior information
    • Report size getting too big, too many NtOpenKeyEx calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

    No simulations
    No context
                Match, Associated Sample Name / URL, Detection, Threat Name, Context
                Match: 37f463bf4616ecd445d4a1937da06e19
                • Filename: PO-10212024168877 PNG2023-W101.exe; Detection: malicious; Threat Name: GuLoader; Context: 142.250.186.142, 142.250.185.193
                • Filename: file.exe; Detection: malicious; Threat Name: LummaC, Amadey, LummaC Stealer, Stealc; Context: 142.250.186.142, 142.250.185.193
                • Filename: PO-10212024168877 PNG2023-W101.exe; Detection: malicious; Threat Name: GuLoader; Context: 142.250.186.142, 142.250.185.193
                • Filename: 2DpxPyeiUv.exe; Detection: malicious; Threat Name: Stealc, Vidar; Context: 142.250.186.142, 142.250.185.193
                • Filename: PO-000041522.exe; Detection: malicious; Threat Name: FormBook; Context: 142.250.186.142, 142.250.185.193
                • Filename: PO-000041522.exe; Detection: malicious; Threat Name: FormBook; Context: 142.250.186.142, 142.250.185.193
                • Filename: rRFQSMRT-241883-2024.exe; Detection: malicious; Threat Name: FormBook, GuLoader; Context: 142.250.186.142, 142.250.185.193
                • Filename: DividasAtivas_tgj.vbs; Detection: malicious; Threat Name: Unknown; Context: 142.250.186.142, 142.250.185.193
                • Filename: ZAPYTANIE OFERTOWE ST-2024-S315 CPA9170385.exe; Detection: malicious; Threat Name: CryptOne, Snake Keylogger, VIP Keylogger; Context: 142.250.186.142, 142.250.185.193
                • Filename: audiosrv.dll; Detection: malicious; Threat Name: Matanbuchus; Context: 142.250.186.142, 142.250.185.193
                Match, Associated Sample Name / URL, Detection, Threat Name
                Match: C:\Users\user\AppData\Local\Temp\nso93F1.tmp\System.dll
                • Filename: BOQ-_AE200033.exe; Detection: malicious; Threat Name: FormBook, GuLoader
                • Filename: BOQ-_AE200033.exe; Detection: malicious; Threat Name: GuLoader
                • Filename: onKJBaINbE.exe; Detection: malicious; Threat Name: GuLoader
                • Filename: onKJBaINbE.exe; Detection: malicious; Threat Name: GuLoader
                • Filename: l8DBc92n3x.exe; Detection: malicious; Threat Name: GuLoader
                • Filename: l8DBc92n3x.exe; Detection: malicious; Threat Name: GuLoader
                • Filename: jmQH1KPMfY.exe; Detection: malicious; Threat Name: GuLoader
                • Filename: jmQH1KPMfY.exe; Detection: malicious; Threat Name: GuLoader
                • Filename: Dekont.exe; Detection: malicious; Threat Name: GuLoader
                • Filename: Dekont.exe; Detection: malicious; Threat Name: GuLoader
                                    Process:C:\Users\user\Desktop\rTransferenciarealizada451236.exe
                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):11264
                                    Entropy (8bit):5.767999234165119
                                    Encrypted:false
                                    SSDEEP:192:cPtkumJX7zBE2kGwfy9S9VkPsFQ1MZ1c:N7O2k5q9wA1MZa
                                    MD5:C9473CB90D79A374B2BA6040CA16E45C
                                    SHA1:AB95B54F12796DCE57210D65F05124A6ED81234A
                                    SHA-256:B80A5CBA69D1853ED5979B0CA0352437BF368A5CFB86CB4528EDADD410E11352
                                    SHA-512:EAFE7D5894622BC21F663BCA4DD594392EE0F5B29270B6B56B0187093D6A3A103545464FF6398AD32D2CF15DAB79B1F133218BA9BA337DDC01330B5ADA804D7B
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Joe Sandbox View:
                                    • Filename: BOQ-_AE200033.exe, Detection: malicious, Browse
                                    • Filename: BOQ-_AE200033.exe, Detection: malicious, Browse
                                    • Filename: onKJBaINbE.exe, Detection: malicious, Browse
                                    • Filename: onKJBaINbE.exe, Detection: malicious, Browse
                                    • Filename: l8DBc92n3x.exe, Detection: malicious, Browse
                                    • Filename: l8DBc92n3x.exe, Detection: malicious, Browse
                                    • Filename: jmQH1KPMfY.exe, Detection: malicious, Browse
                                    • Filename: jmQH1KPMfY.exe, Detection: malicious, Browse
                                    • Filename: Dekont.exe, Detection: malicious, Browse
                                    • Filename: Dekont.exe, Detection: malicious, Browse
                                    Reputation:moderate, very likely benign file
                                    Process:C:\Users\user\Desktop\rTransferenciarealizada451236.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):429406
                                    Entropy (8bit):1.2536590133356693
                                    Encrypted:false
                                    SSDEEP:768:85nhJxzwEt9iIiklH+RybHpWf86+6Jl71/F4V/ay/b1kgPN0kfPvgJ95A9dqsFx/:7Et1jHF4h9exefjskVy6Ofnp44PcT+
                                    MD5:BEB0697FF747AFD61850CF6C4221D5BD
                                    SHA1:B36F5A97652154421DEDE2C9EFA27C5BC48F696B
                                    SHA-256:886B9AEA37A0D8F21E3A9DAEB974CFF48197A47FE17279130576779E43EA44D5
                                    SHA-512:A64ADB44F9EA5395C3712F84FAC6D124486F8589FD8F2F5E6AFABC741E603651F405954AEB753DA1AD67AF3A05B7C39CBC552334CDF4C075B032C58967089790
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Users\user\Desktop\rTransferenciarealizada451236.exe
                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                    Category:dropped
                                    Size (bytes):442742
                                    Entropy (8bit):2.6503922490876226
                                    Encrypted:false
                                    SSDEEP:3072:J0tpYx2QPaAOOjQV5872Px/Zl39hlCMBwPW1utBJC:J0cx2NAOOjQV5872P/lLlTBwPW1aBI
                                    MD5:2633331591C0E4D22BD7E67FFBEA60DC
                                    SHA1:D187F842D95B108267740BE4658ECBD83591009D
                                    SHA-256:1809C967D2AB6BD088913E9911301528AF8BED3F26DFFC314146E07EEEDFEBEF
                                    SHA-512:6319F8FA8559E8E9F32714BE74FBDD0ABA4536860F34781D07408B88818281CC34F1342D89B89E66CEB73E5BE3D62E0C2D318812942CA2D5493B0597FC05E528
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Users\user\Desktop\rTransferenciarealizada451236.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):433577
                                    Entropy (8bit):1.254581983664173
                                    Encrypted:false
                                    SSDEEP:1536:hnk5eUOtB6NJw8scQFwogPfCrb7iGRpPEG+sCLO6u:tktO8orbP/+su8
                                    MD5:5066398DACF47B0581CBAE543934824F
                                    SHA1:F17D4884D4F1743E99E9CC2ACB4927D3AAC3F87C
                                    SHA-256:E8A6C6CC2F29488EE76E0E5F5751C8345D8FCFA58AE162F98E07ECBABF8F58B5
                                    SHA-512:9B937A0D2A77DA03244B4ABEBE2B015A55FB3ACDF6E60587DEBDD5EFBE90D62EA0353D3EB0E77F7EB4A34FF0AFA6A85484A983B7C676E9AE821D6DC6A1559922
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Users\user\Desktop\rTransferenciarealizada451236.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):478871
                                    Entropy (8bit):1.2462455290525662
                                    Encrypted:false
                                    SSDEEP:1536:oXoLe735oOOBiucAvUul/HY2/XtMWRHrRLhamiX:o4LuJNOBizS/HtFMWRLbam2
                                    MD5:BA84ECD8B2559ECBECBDE1432C367ECE
                                    SHA1:ABFFEADCFD7ED93B57D884A9437A62E19EB66D11
                                    SHA-256:9FAD11E966E65F071438182D65D5C366FDEC1B2E6E55B62FAC6D340ED6AF8E3D
                                    SHA-512:3EC3B59C9F7FC3039BFDF8F902A79F147F9D2F4D691BDAD62DF9EDC209061931469DC9857EAC0F22CA94FE3A33681520CFCD1953EBBAFE575BFFAB8263E6D52F
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Users\user\Desktop\rTransferenciarealizada451236.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):221536
                                    Entropy (8bit):1.2443001674266274
                                    Encrypted:false
                                    SSDEEP:768:Sr45/U0agoHI2U/gRdeMgkZhDARzPafwGkOyRuI6WFTPj4c2ciLTSXfkgzIWN2CV:z/3POxDyCo6yjXH
                                    MD5:2A6FFC736E96E911CC777DF21DD9207C
                                    SHA1:41FE98C7AC97AC97F444383E8838F63899AC6A85
                                    SHA-256:ADC2099B40E08D64C7C12E43F0A4877F9C8B2593B86EDB6EB6381049093AAFEE
                                    SHA-512:B5C391F6106950D37110144968B899FE6F929DBB00257657BA8E63FB1FFB024AEBE3EB6B8C3F0E4C336B5D4156D9A1E88D882F14D04555006AFD66175B59E95A
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Users\user\Desktop\rTransferenciarealizada451236.exe
                                    File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 8192.000000
                                    Category:dropped
                                    Size (bytes):221986
                                    Entropy (8bit):1.2553570110885655
                                    Encrypted:false
                                    SSDEEP:768:UEGD8pi+OnyGF8VOfpmIamQ+1r2xhgXPyxI+R/9d7jdr5oGEqsraoC8R55An+T7+:sy3E6xuqr5t3q4ls6
                                    MD5:5DC04B53C924A15C430DA960DB73AA27
                                    SHA1:D3367203E4F7EAC0D40EA08BD7434DB17CBFC2E8
                                    SHA-256:7EB2DCF0349AD2A17D56426054A123FF8DD0ECF60A74FBF59267D1E94FC86B78
                                    SHA-512:90C85BB1DA20E01F111FEF7270FF4827D268C86467DE338524EBD0E7736D1B77BF1BC9C3FA1FA1EE75A10CF3E9DF5680BABF49C4FD52E65E2A7F88C665EB3BF8
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Users\user\Desktop\rTransferenciarealizada451236.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):279323
                                    Entropy (8bit):1.267147618148775
                                    Encrypted:false
                                    SSDEEP:768:r8/GPBxg6M7g7OzAqybt6Yan7KhA4wowv9w81X/W136VZ+iE8iTnqcfW/+YcM3kV:A6S6E+wB/Y1zzZ+K3dX
                                    MD5:A5DC7826AAD6E8F21B82862D3DCE5E19
                                    SHA1:DE1A5A38D84E7E89047D7CD75CE21476756569ED
                                    SHA-256:4E8B0FA52DC775D52F34528F17E40BC3C7B645DE8FCBD15A13E15C9D8C9343DE
                                    SHA-512:C44443A2C1E5738AF7FF276E80CCE08E6E830E1258252C43BD501AC8B3FA23FE72D801F9BF4EEE3BAF8075996FC89D2B276BDBE30AF421FAEBB0681922057DB7
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Users\user\Desktop\rTransferenciarealizada451236.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):381
                                    Entropy (8bit):4.251186060474368
                                    Encrypted:false
                                    SSDEEP:6:MRMCcIWh0MEHOLzaaFwc2NFb6vLoRYk1IUBH/suCyG1EKDn3Ko3MLFMLmPJg/f2M:MRXWhTkOLzlFwcpTotFCt1EKD3DMxxgb
                                    MD5:6EF48E64E0432B3EEB16614315305EAB
                                    SHA1:7921FB890955694225EF254DAD564FF42EA888B9
                                    SHA-256:981C4F156A8D30AE7B40E6B611114707B46D0EF7BA61D6ECD813267B99B0A6FF
                                    SHA-512:D58F034E162B33134C21373B0E7E77ADFC5B4A1E6B193BACA8960F2C33828CE0349DFA2B415605877075C65730245E1AF80049AAFBF450A6E1906218E7574811
                                    Malicious:false
                                    Reputation:low
                                    Preview:ihrdigstes nocturns venomly friis trykluftborenes.antropologernes sporvognssljfers klyngehus emissionsgrnsevrdiernes meditationernes opslidningen..flammation afvejendes fljtetndernes uranospinite sot kondicykelens megalopinae.undiscreditable frydet praedialist.myositic afskedserklring tenors intermittencies fraseologiske formwork untumid,indlgs regnspovers purpures recognisable,
                                    Process:C:\Users\user\Desktop\rTransferenciarealizada451236.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):204754
                                    Entropy (8bit):7.518576596085271
                                    Encrypted:false
                                    SSDEEP:3072:6Ndzktt0gTZl/NRbkb4uWI8VHtWPHK+I0Qpz2raHB9GcAq41N/h9b2aq:6NBktJtBQ2VHtqHDLYB1AqkNp8F
                                    MD5:38A8352122DF8F9EFD4087664401CF27
                                    SHA1:6B15B0DD6BF0CF9FFDD277CBE41E0F674F8A78E4
                                    SHA-256:F7B461AAAF2803DBBD6FA372453C7407DF6819A5FFD86816337C5BBF97BBE8B7
                                    SHA-512:D17F51537A4BE75431C30C1E784A0C855933CEC5154517E58AE71C679A34A441C4273142EA510EB6D58F816474CD3D8508959F94D45CFDD60C5EBC3B45A39BE5
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Users\user\Desktop\rTransferenciarealizada451236.exe
                                    File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 8637644800.000000
                                    Category:dropped
                                    Size (bytes):317856
                                    Entropy (8bit):1.2536722078272815
                                    Encrypted:false
                                    SSDEEP:1536:aSSMNripeTi8tcwZ5DxukXUgVOrokqGykfq:aWJThqSXUHyh
                                    MD5:E709E62365CAA58EF4BE2F1D9D635944
                                    SHA1:74C294CF4B723304883CF6812549E7584ED8CA44
                                    SHA-256:75C184E5697A25E1FDDB29321C1FE5670191041A26F7E5209264D4B948CDBDA5
                                    SHA-512:22F057ADD0FD2DC37F539B66E37E75AEDE5F59C255D878257B01ADCD22889B129778FD194F43822599C38619A515E1C07E38601257EC872CF6C2CF7BD597CE06
                                    Malicious:false
                                    Process:C:\Users\user\Desktop\rTransferenciarealizada451236.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):42
                                    Entropy (8bit):4.44923074481598
                                    Encrypted:false
                                    SSDEEP:3:VHPy2E5scHXhNK:Vvy2ElG
                                    MD5:3A6FE7C926FA502CA28AE72B7A40D387
                                    SHA1:14D4A78172BDBBB103C39406164F43473BD92177
                                    SHA-256:B966D39B1859A38999191B79064330621498C5E278A337B0CAACAE18BD87703F
                                    SHA-512:D276FC59FF1AFE300BA5523FEDC53E156B8D64A085D7DF22521527BD1C115B2D0F8E724002D84933A396418216AD10B94A0DA455EBB008668FF6D1CE3DF5E499
                                    Malicious:false
                                    Preview:[fabrics]..Skipperhistorier128=Behaendig..
                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                    Entropy (8bit):7.613441066069777
                                    TrID:
                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                    • DOS Executable Generic (2002/1) 0.02%
                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                    File name:rTransferenciarealizada451236.exe
                                    File size:915'368 bytes
                                    MD5:12f32dc32a25a48db3aca40758745e80
                                    SHA1:41f2c89b8c83b279633c641d1e266a3a2487294d
                                    SHA256:8085c17ea9441ff19ee1d021408ce2b159bdf4d53704a9afd180e76033c74415
                                    SHA512:b3e71933c26fc75dfa3aef0efc9ef375572df28cdba1b85dac9ecda062e572a6999dcbeec382b04e5a7d24e3485f5aa6852fad9e2d36fded55525fa8acf8dd9c
                                    SSDEEP:24576:6x+rRnZt2HrJ1oAzm2ESD62HnQIQMOKOaeKX:6x+1nZcLHFzmnSW2HTzOKOwX
                                    TLSH:AD15015F26D8060DC1E6EFB1C9C192F587659C25BC32D08E62EA702EDFFA9F95207064
                                    Icon Hash:92808aba4ace58ba
                                    Entrypoint:0x4031bb
                                    Entrypoint Section:.text
                                    Digitally signed:true
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                    Time Stamp:0x59759523 [Mon Jul 24 06:35:15 2017 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:3abe302b6d9a1256e6a915429af4ffd2
                                    Signature Valid:false
                                    Signature Issuer:CN=Dimorphous, O=Dimorphous, L=Arlington, C=US
                                    Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                    Error Number:-2146762487
                                    Not Before, Not After
                                    • 15/12/2023 11:19:43 14/12/2026 11:19:43
                                    Subject Chain
                                    • CN=Dimorphous, O=Dimorphous, L=Arlington, C=US
                                    Version:3
                                    Thumbprint MD5:ECCE910D179813009C53CDE69ED41723
                                    Thumbprint SHA-1:9CE0E08391625A454CAF4AE17E3DF24289F31704
                                    Thumbprint SHA-256:1B5F73B681BEF83BB97E6EB295E4825FC5FDCD95196AB28D01E1BDA189FBEED7
                                    Serial:0DAE04ECF881F502F5C26FB0DF2141F1BF24774D
                                    Instruction
                                    sub esp, 00000184h
                                    push ebx
                                    push esi
                                    push edi
                                    xor ebx, ebx
                                    push 00008001h
                                    mov dword ptr [esp+18h], ebx
                                    mov dword ptr [esp+10h], 00409198h
                                    mov dword ptr [esp+20h], ebx
                                    mov byte ptr [esp+14h], 00000020h
                                    call dword ptr [004070A0h]
                                    call dword ptr [0040709Ch]
                                    and eax, BFFFFFFFh
                                    cmp ax, 00000006h
                                    mov dword ptr [0042370Ch], eax
                                    je 00007EFE2945B1E3h
                                    push ebx
                                    call 00007EFE2945E29Ah
                                    cmp eax, ebx
                                    je 00007EFE2945B1D9h
                                    push 00000C00h
                                    call eax
                                    mov esi, 00407298h
                                    push esi
                                    call 00007EFE2945E216h
                                    push esi
                                    call dword ptr [00407098h]
                                    lea esi, dword ptr [esi+eax+01h]
                                    cmp byte ptr [esi], bl
                                    jne 00007EFE2945B1BDh
                                    push 0000000Ah
                                    call 00007EFE2945E26Eh
                                    push 00000008h
                                    call 00007EFE2945E267h
                                    push 00000006h
                                    mov dword ptr [00423704h], eax
                                    call 00007EFE2945E25Bh
                                    cmp eax, ebx
                                    je 00007EFE2945B1E1h
                                    push 0000001Eh
                                    call eax
                                    test eax, eax
                                    je 00007EFE2945B1D9h
                                    or byte ptr [0042370Fh], 00000040h
                                    push ebp
                                    call dword ptr [00407044h]
                                    push ebx
                                    call dword ptr [00407288h]
                                    mov dword ptr [004237D8h], eax
                                    push ebx
                                    lea eax, dword ptr [esp+38h]
                                    push 00000160h
                                    push eax
                                    push ebx
                                    push 0041ECC8h
                                    call dword ptr [00407178h]
                                    push 00409188h
                                    Programming Language:
                                    • [EXP] VC++ 6.0 SP5 build 8804
                                    Name | Virtual Address | Virtual Size | Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7428 | 0xa0 | .rdata
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x43000 | 0x2a348 | .rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0xde5a0 | 0x1208 |
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                    .text | 0x1000 | 0x5ed2 | 0x6000 | 9112619c91f32f6f8e4096e108712ebe | False | 0.6629638671875 | data | 6.442176588686321 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    .rdata | 0x7000 | 0x1248 | 0x1400 | 1c9a524313c13059919ecf8195d205be | False | 0.4275390625 | data | 5.007650149182371 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .data | 0x9000 | 0x1a818 | 0x400 | 458aeaedc3eabb1f26ec1bbd666017ae | False | 0.6396484375 | data | 5.13585559284969 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    .ndata | 0x24000 | 0x1f000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    .rsrc | 0x43000 | 0x2a348 | 0x2a400 | f70216fcc65579490c33a248bbf620b5 | False | 0.22636025332840237 | data | 4.211175627255611 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                    RT_ICON | 0x43448 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.1427008162782444
                                    RT_ICON | 0x53c70 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.23523228925793568
                                    RT_ICON | 0x5d118 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.2696395563770795
                                    RT_ICON | 0x625a0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.23264052905054322
                                    RT_ICON | 0x667c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.30809128630705396
                                    RT_ICON | 0x68d70 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.34122889305816134
                                    RT_ICON | 0x69e18 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.49307036247334757
                                    RT_ICON | 0x6acc0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.5509927797833934
                                    RT_ICON | 0x6b568 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.32926829268292684
                                    RT_ICON | 0x6bbd0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.3930635838150289
                                    RT_ICON | 0x6c138 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.4601063829787234
                                    RT_ICON | 0x6c5a0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.4099462365591398
                                    RT_ICON | 0x6c888 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.5337837837837838
                                    RT_DIALOG | 0x6c9b0 | 0x120 | data | English | United States | 0.5138888888888888
                                    RT_DIALOG | 0x6cad0 | 0x11c | data | English | United States | 0.6056338028169014
                                    RT_DIALOG | 0x6cbf0 | 0xc4 | data | English | United States | 0.5918367346938775
                                    RT_DIALOG | 0x6ccb8 | 0x60 | data | English | United States | 0.7291666666666666
                                    RT_GROUP_ICON | 0x6cd18 | 0xbc | data | English | United States | 0.648936170212766
                                    RT_VERSION | 0x6cdd8 | 0x144 | data | English | United States | 0.5895061728395061
                                    RT_MANIFEST | 0x6cf20 | 0x423 | XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators | English | United States | 0.5127478753541076
                                    DLL | Import
                                    KERNEL32.dll | GetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetCurrentDirectoryA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileAttributesA, GetFileAttributesA, GetShortPathNameA, MoveFileA, GetFullPathNameA, SetFileTime, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
                                    USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
                                    GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                    SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
                                    ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                    COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                    ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
                                    Language of compilation system | Country where language is spoken | Map
                                    English | United States |
                                    Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                    2024-10-30T01:03:43.603082+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 56106 | 142.250.186.142 | 443 | TCP
                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                    Oct 30, 2024 01:03:47.263528109 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.263541937 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.263607025 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.266541004 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.266619921 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.266625881 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.266798019 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.269484997 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.269535065 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.269548893 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.269650936 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.272114992 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.272250891 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.272254944 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.272324085 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.275238037 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.275357962 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.275363922 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.275511980 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.278052092 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.278265953 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.278270006 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.278366089 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.281075954 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.281162024 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.281167984 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.281263113 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.283760071 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.283833981 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.283838034 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.283885956 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.286501884 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.286559105 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.286786079 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.286906958 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.289508104 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.289561987 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.289592028 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.289649010 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.292119026 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.292262077 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.292268038 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.292325020 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.294891119 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.294965029 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.294970989 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.295061111 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.297494888 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.297631979 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.297638893 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.297816038 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.300712109 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.300782919 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.300795078 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.301126957 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.302997112 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.303102016 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.303107023 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.303152084 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.305617094 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.305735111 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.305741072 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.305809975 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.308223963 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.308314085 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.308320045 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.308444023 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.310715914 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.310807943 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.310812950 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.310972929 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.313571930 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.313647032 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.313652992 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.313709974 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.315901995 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.315989971 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.315994978 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.316091061 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.318399906 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.318562984 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.318569899 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.318649054 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.320775032 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.320833921 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.320849895 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.320857048 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.320882082 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.320946932 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.323282957 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.323359013 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.323364019 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.323426008 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.326091051 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.326240063 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.326245070 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.326319933 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.328282118 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.328438997 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.328444958 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.328589916 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.346528053 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.346600056 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.346648932 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.346668959 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.346678019 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.346687078 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.346724987 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.346729040 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.346880913 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.346884966 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.346961975 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.346987963 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.347038031 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.347069979 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.347100973 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.347106934 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.347119093 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.347232103 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.347559929 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.347604990 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.347641945 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.347645998 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.347701073 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.347712040 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.347865105 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.348192930 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.348239899 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.348243952 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.348417044 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.349855900 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.349982977 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.349987984 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.350095034 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.352036953 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.352085114 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.352089882 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.352257967 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.354376078 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.354429007 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.354440928 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.354536057 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.356878996 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.357033014 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.357038021 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.357083082 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.358777046 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.358874083 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.358880043 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.358930111 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.361223936 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.361282110 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.361287117 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.361325979 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.363307953 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.363356113 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.363360882 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.363420963 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.365479946 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.365621090 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.365626097 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.365704060 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.367717981 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.367865086 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.367870092 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.368011951 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.370399952 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.370536089 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.370541096 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.370718956 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.371922970 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.372137070 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.372143030 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.372203112 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.373927116 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.374001980 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.374013901 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.374387026 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.376826048 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.376908064 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.376914978 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.376981974 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.377912998 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.377984047 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.377989054 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.378050089 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.379827976 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.379931927 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.379939079 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.380040884 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.381794930 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.381926060 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.381931067 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.382004023 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.383744955 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.383804083 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.383816004 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.383893013 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.385564089 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.385636091 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.385648966 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.385695934 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.387475967 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.387590885 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.387597084 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.387680054 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.389373064 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.389436007 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.389447927 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.389552116 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.391192913 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.391258001 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.391263008 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.391334057 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.393145084 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.393223047 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.393229961 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.393309116 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.395009995 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.395191908 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.395198107 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.395287991 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.396645069 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.396765947 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.396770954 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.396842003 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.396864891 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.396903992 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.397063017 CET44356116142.250.185.193192.168.2.4
                                    Oct 30, 2024 01:03:47.397152901 CET56116443192.168.2.4142.250.185.193
                                    Oct 30, 2024 01:03:47.397171974 CET56116443192.168.2.4142.250.185.193
                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                    Oct 30, 2024 01:02:44.705418110 CET | 53 | 49911 | 162.159.36.2 | 192.168.2.4
                                    Oct 30, 2024 01:02:45.457853079 CET | 53 | 57623 | 1.1.1.1 | 192.168.2.4
                                    Oct 30, 2024 01:03:42.257530928 CET | 55111 | 53 | 192.168.2.4 | 1.1.1.1
                                    Oct 30, 2024 01:03:42.265239954 CET | 53 | 55111 | 1.1.1.1 | 192.168.2.4
                                    Oct 30, 2024 01:03:43.624294043 CET | 51695 | 53 | 192.168.2.4 | 1.1.1.1
                                    Oct 30, 2024 01:03:43.631902933 CET | 53 | 51695 | 1.1.1.1 | 192.168.2.4
                                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                    Oct 30, 2024 01:03:42.257530928 CET | 192.168.2.4 | 1.1.1.1 | 0x6365 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
                                    Oct 30, 2024 01:03:43.624294043 CET | 192.168.2.4 | 1.1.1.1 | 0x97c3 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
                                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                    Oct 30, 2024 01:03:42.265239954 CET | 1.1.1.1 | 192.168.2.4 | 0x6365 | No error (0) | drive.google.com |  | 142.250.186.142 | A (IP address) | IN (0x0001) | false
                                    Oct 30, 2024 01:03:43.631902933 CET | 1.1.1.1 | 192.168.2.4 | 0x97c3 | No error (0) | drive.usercontent.google.com |  | 142.250.185.193 | A (IP address) | IN (0x0001) | false
                                    • drive.google.com
                                    • drive.usercontent.google.com
                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    0 | 192.168.2.4 | 56106 | 142.250.186.142 | 443 | 3120 | C:\Users\user\Desktop\rTransferenciarealizada451236.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2024-10-30 00:03:43 UTC | 216 | OUT | GET /uc?export=download&id=1nMPhNN-2GjI3FUIqU_EPUgHeeK8mihQO HTTP/1.1
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                    Host: drive.google.com
                                    Cache-Control: no-cache
                                    2024-10-30 00:03:43 UTC | 1610 | IN | HTTP/1.1 303 See Other
                                    Content-Type: application/binary
                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                    Pragma: no-cache
                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                    Date: Wed, 30 Oct 2024 00:03:43 GMT
                                    Location: https://drive.usercontent.google.com/download?id=1nMPhNN-2GjI3FUIqU_EPUgHeeK8mihQO&export=download
                                    Strict-Transport-Security: max-age=31536000
                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                    Content-Security-Policy: script-src 'nonce-TIwt7AaEJ9mxjUy8Pv43Mw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                    Cross-Origin-Opener-Policy: same-origin
                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    Server: ESF
                                    Content-Length: 0
                                    X-XSS-Protection: 0
                                    X-Frame-Options: SAMEORIGIN
                                    X-Content-Type-Options: nosniff
                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                    Connection: close


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    1 | 192.168.2.4 | 56116 | 142.250.185.193 | 443 | 3120 | C:\Users\user\Desktop\rTransferenciarealizada451236.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2024-10-30 00:03:44 UTC | 258 | OUT | GET /download?id=1nMPhNN-2GjI3FUIqU_EPUgHeeK8mihQO&export=download HTTP/1.1
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                    Cache-Control: no-cache
                                    Host: drive.usercontent.google.com
                                    Connection: Keep-Alive
                                    2024-10-30 00:03:46 UTC4921INHTTP/1.1 200 OK
                                    Content-Type: application/octet-stream
                                    Content-Security-Policy: sandbox
                                    Content-Security-Policy: default-src 'none'
                                    Content-Security-Policy: frame-ancestors 'none'
                                    X-Content-Security-Policy: sandbox
                                    Cross-Origin-Opener-Policy: same-origin
                                    Cross-Origin-Embedder-Policy: require-corp
                                    Cross-Origin-Resource-Policy: same-site
                                    X-Content-Type-Options: nosniff
                                    Content-Disposition: attachment; filename="QNteuFnuZJQI178.bin"
                                    Access-Control-Allow-Origin: *
                                    Access-Control-Allow-Credentials: false
                                    Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                    Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                    Accept-Ranges: bytes
                                    Content-Length: 287296
                                    Last-Modified: Tue, 29 Oct 2024 11:33:32 GMT
                                    X-GUploader-UploadID: AHmUCY3AOPW1F2sQN-onlGSqO8xRCGgat1N3nbaYiwSSATqzvyR8AWQlyKcmoFrDId5GVgt-G18wT0tqaw
                                    Date: Wed, 30 Oct 2024 00:03:46 GMT
                                    Expires: Wed, 30 Oct 2024 00:03:46 GMT
                                    Cache-Control: private, max-age=0
                                    X-Goog-Hash: crc32c=DVZ/wg==
                                    Server: UploadServer
                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                    Connection: close



                                    Target ID:0
                                    Start time:20:01:57
                                    Start date:29/10/2024
                                    Path:C:\Users\user\Desktop\rTransferenciarealizada451236.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\rTransferenciarealizada451236.exe"
                                    Imagebase:0x400000
                                    File size:915'368 bytes
                                    MD5 hash:12F32DC32A25A48DB3ACA40758745E80
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2677672856.0000000003B5D000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                    Reputation:low
                                    Has exited:true

                                    Target ID:5
                                    Start time:20:03:37
                                    Start date:29/10/2024
                                    Path:C:\Users\user\Desktop\rTransferenciarealizada451236.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\rTransferenciarealizada451236.exe"
                                    Imagebase:0x400000
                                    File size:915'368 bytes
                                    MD5 hash:12F32DC32A25A48DB3ACA40758745E80
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:false


                                      Execution Graph

                                      Execution Coverage:16.8%
                                      Dynamic/Decrypted Code Coverage:13.5%
                                      Signature Coverage:21.1%
                                      Total number of Nodes:1562
                                      Total number of Limit Nodes:40
GlobalAlloc 4858->4860 4862 10001bc9 GlobalFree 4858->4862 4865 10001bab lstrcpyA 4858->4865 4868 10001bb5 lstrcpyA 4858->4868 4858->4869 4871 10001f7a 4858->4871 4878 10001c07 4858->4878 4879 10001e75 GlobalFree 4858->4879 4882 10001224 2 API calls 4858->4882 4950 10001215 GlobalAlloc 4858->4950 4861 1000203c GetModuleHandleA 4859->4861 4859->4869 4860->4858 4863 10002062 4861->4863 4864 1000204d LoadLibraryA 4861->4864 4862->4858 4951 100015a4 GetProcAddress 4863->4951 4864->4863 4864->4869 4865->4868 4867->4869 4947 10001224 4867->4947 4868->4858 4869->4813 4870 10002074 4873 100020b3 4870->4873 4883 1000209d GetProcAddress 4870->4883 4871->4869 4877 10001fbe lstrcpyA 4871->4877 4872 100020c0 lstrlenA 4952 100015a4 GetProcAddress 4872->4952 4873->4869 4873->4872 4877->4869 4878->4858 4945 10001534 GlobalSize GlobalAlloc 4878->4945 4879->4858 4880 100020d9 4880->4869 4882->4858 4883->4873 4892 10002212 4884->4892 4886 10002347 GlobalFree 4888 10001712 4886->4888 4886->4892 4887 100022bb GlobalAlloc MultiByteToWideChar 4889 100022e5 GlobalAlloc 4887->4889 4890 10002306 4887->4890 4888->4823 4888->4824 4888->4837 4893 100022fd GlobalFree 4889->4893 4890->4886 4958 1000251b 4890->4958 4891 10001224 GlobalAlloc lstrcpynA 4891->4892 4892->4886 4892->4887 4892->4890 4892->4891 4954 100012ad 4892->4954 4893->4886 4896 100027f6 4895->4896 4897 1000289b VirtualAllocEx 4896->4897 4898 100028b9 4897->4898 4899 100029b5 4898->4899 4900 100029aa GetLastError 4898->4900 4899->4837 4900->4899 4902 100021c0 4901->4902 4903 1000170b 4901->4903 4902->4903 4904 100021d2 GlobalAlloc 4902->4904 4903->4816 4904->4902 4909 100025a3 4905->4909 4906 100025f4 GlobalAlloc 4910 10002616 4906->4910 4907 10002607 4908 1000260c GlobalSize 4907->4908 4907->4910 4908->4910 4909->4906 4909->4907 4910->4842 4912 10002aaa 4911->4912 4913 10002aea GlobalFree 4912->4913 4961 10001215 GlobalAlloc 4914->4961 4916 10002438 lstrcpynA 4922 100023e4 4916->4922 4917 10002449 StringFromGUID2 
WideCharToMultiByte 4917->4922 4918 1000246d WideCharToMultiByte 4918->4922 4919 1000248e wsprintfA 4919->4922 4920 100024b2 GlobalFree 4920->4922 4921 100024ec GlobalFree 4921->4831 4922->4916 4922->4917 4922->4918 4922->4919 4922->4920 4922->4921 4923 10001266 2 API calls 4922->4923 4962 100012d1 4922->4962 4923->4922 4966 10001215 GlobalAlloc 4925->4966 4927 1000155f 4928 1000156c lstrcpyA 4927->4928 4929 10001586 4927->4929 4931 100015a0 4928->4931 4929->4931 4932 1000158b wsprintfA 4929->4932 4933 10001266 4931->4933 4932->4931 4934 100012a8 GlobalFree 4933->4934 4935 1000126f GlobalAlloc lstrcpynA 4933->4935 4934->4835 4935->4934 4937 100017c5 4936->4937 4938 100023ac 4936->4938 4937->4848 4937->4849 4938->4937 4939 100023c5 GlobalFree 4938->4939 4939->4938 4941 10001266 2 API calls 4940->4941 4942 10001503 4941->4942 4942->4851 4943->4854 4944->4858 4946 10001552 4945->4946 4946->4878 4953 10001215 GlobalAlloc 4947->4953 4949 10001233 lstrcpynA 4949->4869 4950->4858 4951->4870 4952->4880 4953->4949 4955 100012b4 4954->4955 4956 10001224 2 API calls 4955->4956 4957 100012cf 4956->4957 4957->4892 4959 10002529 VirtualAlloc 4958->4959 4960 1000257f 4958->4960 4959->4960 4960->4890 4961->4922 4963 100012f9 4962->4963 4964 100012da 4962->4964 4963->4922 4964->4963 4965 100012e0 lstrcpyA 4964->4965 4965->4963 4966->4927 5463 1000103d 5464 1000101b 5 API calls 5463->5464 5465 10001056 5464->5465 5466 40257d 5467 402582 5466->5467 5468 402596 5466->5468 5469 402a9f 17 API calls 5467->5469 5470 402ac1 17 API calls 5468->5470 5472 40258b 5469->5472 5471 40259d lstrlenA 5470->5471 5471->5472 5473 405b6f WriteFile 5472->5473 5474 4025bf 5472->5474 5473->5474 5475 4018fd 5476 401934 5475->5476 5477 402ac1 17 API calls 5476->5477 5478 401939 5477->5478 5479 4056f7 67 API calls 5478->5479 5480 401942 5479->5480 5481 100029bf 5482 100029d7 5481->5482 5483 10001534 2 API calls 5482->5483 5484 100029f2 5483->5484 5485 401000 5486 401037 BeginPaint GetClientRect 5485->5486 
5487 40100c DefWindowProcA 5485->5487 5489 4010f3 5486->5489 5490 401179 5487->5490 5491 401073 CreateBrushIndirect FillRect DeleteObject 5489->5491 5492 4010fc 5489->5492 5491->5489 5493 401102 CreateFontIndirectA 5492->5493 5494 401167 EndPaint 5492->5494 5493->5494 5495 401112 6 API calls 5493->5495 5494->5490 5495->5494 5496 401900 5497 402ac1 17 API calls 5496->5497 5498 401907 5497->5498 5499 40564b MessageBoxIndirectA 5498->5499 5500 401910 5499->5500 4029 402682 4030 402689 4029->4030 4032 4028fe 4029->4032 4037 402a9f 4030->4037 4033 402690 4034 40269f SetFilePointer 4033->4034 4034->4032 4035 4026af 4034->4035 4040 405e8d wsprintfA 4035->4040 4041 405f51 4037->4041 4039 402ab4 4039->4033 4040->4032 4042 405f5e 4041->4042 4043 406180 4042->4043 4046 40615a lstrlenA 4042->4046 4047 405f51 10 API calls 4042->4047 4050 406076 GetSystemDirectoryA 4042->4050 4052 406089 GetWindowsDirectoryA 4042->4052 4054 405f51 10 API calls 4042->4054 4055 406103 lstrcatA 4042->4055 4056 4060bd SHGetSpecialFolderLocation 4042->4056 4058 405e16 4042->4058 4063 406199 4042->4063 4072 405e8d wsprintfA 4042->4072 4073 405f2f lstrcpynA 4042->4073 4044 406195 4043->4044 4074 405f2f lstrcpynA 4043->4074 4044->4039 4046->4042 4047->4046 4050->4042 4052->4042 4054->4042 4055->4042 4056->4042 4057 4060d5 SHGetPathFromIDListA CoTaskMemFree 4056->4057 4057->4042 4075 405db5 4058->4075 4061 405e4a RegQueryValueExA RegCloseKey 4062 405e79 4061->4062 4062->4042 4064 4061a5 4063->4064 4066 406202 CharNextA 4064->4066 4069 40620d 4064->4069 4070 4061f0 CharNextA 4064->4070 4071 4061fd CharNextA 4064->4071 4079 4058f2 4064->4079 4065 406211 CharPrevA 4065->4069 4066->4064 4066->4069 4067 40622c 4067->4042 4069->4065 4069->4067 4070->4064 4071->4066 4072->4042 4073->4042 4074->4044 4076 405dc4 4075->4076 4077 405dc8 4076->4077 4078 405dcd RegOpenKeyExA 4076->4078 4077->4061 4077->4062 4078->4077 4080 4058f8 4079->4080 4081 40590b 4080->4081 4082 4058fe CharNextA 4080->4082 4081->4064 4082->4080 
5501 401502 5502 40150a 5501->5502 5504 40151d 5501->5504 5503 402a9f 17 API calls 5502->5503 5503->5504 4083 401c04 4084 402a9f 17 API calls 4083->4084 4085 401c0b 4084->4085 4086 402a9f 17 API calls 4085->4086 4087 401c18 4086->4087 4088 401c2d 4087->4088 4089 402ac1 17 API calls 4087->4089 4090 401c3d 4088->4090 4091 402ac1 17 API calls 4088->4091 4089->4088 4092 401c94 4090->4092 4093 401c48 4090->4093 4091->4090 4105 402ac1 4092->4105 4095 402a9f 17 API calls 4093->4095 4097 401c4d 4095->4097 4099 402a9f 17 API calls 4097->4099 4098 402ac1 17 API calls 4100 401ca2 FindWindowExA 4098->4100 4101 401c59 4099->4101 4104 401cc0 4100->4104 4102 401c84 SendMessageA 4101->4102 4103 401c66 SendMessageTimeoutA 4101->4103 4102->4104 4103->4104 4106 402acd 4105->4106 4107 405f51 17 API calls 4106->4107 4108 402aee 4107->4108 4109 401c99 4108->4109 4110 406199 5 API calls 4108->4110 4109->4098 4110->4109 5505 404104 lstrcpynA lstrlenA 4144 401389 4146 401390 4144->4146 4145 4013fe 4146->4145 4147 4013cb MulDiv SendMessageA 4146->4147 4147->4146 5513 401490 5514 405056 24 API calls 5513->5514 5515 401497 5514->5515 5516 405194 5517 4051b6 GetDlgItem GetDlgItem GetDlgItem 5516->5517 5518 40533f 5516->5518 5561 404025 SendMessageA 5517->5561 5520 405347 GetDlgItem CreateThread CloseHandle 5518->5520 5521 40536f 5518->5521 5520->5521 5523 40539d 5521->5523 5525 405385 ShowWindow ShowWindow 5521->5525 5526 4053be 5521->5526 5522 405226 5530 40522d GetClientRect GetSystemMetrics SendMessageA SendMessageA 5522->5530 5524 4053f8 5523->5524 5527 4053d1 ShowWindow 5523->5527 5528 4053ad 5523->5528 5524->5526 5538 405405 SendMessageA 5524->5538 5563 404025 SendMessageA 5525->5563 5529 404057 8 API calls 5526->5529 5534 4053f1 5527->5534 5535 4053e3 5527->5535 5564 403fc9 5528->5564 5533 4053ca 5529->5533 5536 40529b 5530->5536 5537 40527f SendMessageA SendMessageA 5530->5537 5540 403fc9 SendMessageA 5534->5540 5539 405056 24 API calls 5535->5539 5541 4052a0 SendMessageA 5536->5541 
5542 4052ae 5536->5542 5537->5536 5538->5533 5543 40541e CreatePopupMenu 5538->5543 5539->5534 5540->5524 5541->5542 5545 403ff0 18 API calls 5542->5545 5544 405f51 17 API calls 5543->5544 5546 40542e AppendMenuA 5544->5546 5547 4052be 5545->5547 5548 40544c GetWindowRect 5546->5548 5549 40545f TrackPopupMenu 5546->5549 5550 4052c7 ShowWindow 5547->5550 5551 4052fb GetDlgItem SendMessageA 5547->5551 5548->5549 5549->5533 5552 40547b 5549->5552 5553 4052ea 5550->5553 5554 4052dd ShowWindow 5550->5554 5551->5533 5555 405322 SendMessageA SendMessageA 5551->5555 5556 40549a SendMessageA 5552->5556 5562 404025 SendMessageA 5553->5562 5554->5553 5555->5533 5556->5556 5557 4054b7 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 5556->5557 5559 4054d9 SendMessageA 5557->5559 5559->5559 5560 4054fb GlobalUnlock SetClipboardData CloseClipboard 5559->5560 5560->5533 5561->5522 5562->5551 5563->5523 5565 403fd0 5564->5565 5566 403fd6 SendMessageA 5564->5566 5565->5566 5566->5526 4364 401d95 GetDC 4365 402a9f 17 API calls 4364->4365 4366 401da7 GetDeviceCaps MulDiv ReleaseDC 4365->4366 4367 402a9f 17 API calls 4366->4367 4368 401dd8 4367->4368 4369 405f51 17 API calls 4368->4369 4370 401e15 CreateFontIndirectA 4369->4370 4371 402577 4370->4371 5567 10001058 5569 10001074 5567->5569 5568 100010dc 5569->5568 5570 100014bb GlobalFree 5569->5570 5571 10001091 5569->5571 5570->5571 5572 100014bb GlobalFree 5571->5572 5573 100010a1 5572->5573 5574 100010b1 5573->5574 5575 100010a8 GlobalSize 5573->5575 5576 100010b5 GlobalAlloc 5574->5576 5577 100010c6 5574->5577 5575->5574 5578 100014e2 3 API calls 5576->5578 5579 100010d1 GlobalFree 5577->5579 5578->5577 5579->5568 5580 404419 5581 404429 5580->5581 5582 40444f 5580->5582 5583 403ff0 18 API calls 5581->5583 5584 404057 8 API calls 5582->5584 5585 404436 SetDlgItemTextA 5583->5585 5586 40445b 5584->5586 5585->5582 5587 401d1a 5588 402a9f 17 API calls 5587->5588 5589 401d28 SetWindowLongA 5588->5589 5590 402951 5589->5590 5591 
403b1c 5592 403b34 5591->5592 5593 403c6f 5591->5593 5592->5593 5596 403b40 5592->5596 5594 403c80 GetDlgItem GetDlgItem 5593->5594 5595 403cc0 5593->5595 5599 403ff0 18 API calls 5594->5599 5600 403d1a 5595->5600 5608 401389 2 API calls 5595->5608 5597 403b4b SetWindowPos 5596->5597 5598 403b5e 5596->5598 5597->5598 5601 403b63 ShowWindow 5598->5601 5602 403b7b 5598->5602 5603 403caa SetClassLongA 5599->5603 5604 40403c SendMessageA 5600->5604 5651 403c6a 5600->5651 5601->5602 5605 403b83 DestroyWindow 5602->5605 5606 403b9d 5602->5606 5607 40140b 2 API calls 5603->5607 5649 403d2c 5604->5649 5659 403f79 5605->5659 5609 403ba2 SetWindowLongA 5606->5609 5610 403bb3 5606->5610 5607->5595 5611 403cf2 5608->5611 5609->5651 5614 403c2a 5610->5614 5615 403bbf GetDlgItem 5610->5615 5611->5600 5616 403cf6 SendMessageA 5611->5616 5612 40140b 2 API calls 5612->5649 5613 403f7b DestroyWindow EndDialog 5613->5659 5620 404057 8 API calls 5614->5620 5618 403bd2 SendMessageA IsWindowEnabled 5615->5618 5619 403bef 5615->5619 5616->5651 5617 403faa ShowWindow 5617->5651 5618->5619 5618->5651 5622 403bfc 5619->5622 5623 403c43 SendMessageA 5619->5623 5624 403c0f 5619->5624 5631 403bf4 5619->5631 5620->5651 5621 405f51 17 API calls 5621->5649 5622->5623 5622->5631 5623->5614 5627 403c17 5624->5627 5628 403c2c 5624->5628 5625 403fc9 SendMessageA 5625->5614 5626 403ff0 18 API calls 5626->5649 5629 40140b 2 API calls 5627->5629 5630 40140b 2 API calls 5628->5630 5629->5631 5630->5631 5631->5614 5631->5625 5632 403ff0 18 API calls 5633 403da7 GetDlgItem 5632->5633 5634 403dc4 ShowWindow EnableWindow 5633->5634 5635 403dbc 5633->5635 5660 404012 EnableWindow 5634->5660 5635->5634 5637 403dee EnableWindow 5642 403e02 5637->5642 5638 403e07 GetSystemMenu EnableMenuItem SendMessageA 5639 403e37 SendMessageA 5638->5639 5638->5642 5639->5642 5641 403afd 18 API calls 5641->5642 5642->5638 5642->5641 5661 404025 SendMessageA 5642->5661 5662 405f2f lstrcpynA 5642->5662 5644 403e66 lstrlenA 5645 
405f51 17 API calls 5644->5645 5646 403e77 SetWindowTextA 5645->5646 5647 401389 2 API calls 5646->5647 5647->5649 5648 403ebb DestroyWindow 5650 403ed5 CreateDialogParamA 5648->5650 5648->5659 5649->5612 5649->5613 5649->5621 5649->5626 5649->5632 5649->5648 5649->5651 5652 403f08 5650->5652 5650->5659 5653 403ff0 18 API calls 5652->5653 5654 403f13 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 5653->5654 5655 401389 2 API calls 5654->5655 5656 403f59 5655->5656 5656->5651 5657 403f61 ShowWindow 5656->5657 5658 40403c SendMessageA 5657->5658 5658->5659 5659->5617 5659->5651 5660->5637 5661->5642 5662->5644 4967 40159d 4968 402ac1 17 API calls 4967->4968 4969 4015a4 SetFileAttributesA 4968->4969 4970 4015b6 4969->4970 5668 40149d 5669 4022e1 5668->5669 5670 4014ab PostQuitMessage 5668->5670 5670->5669 4971 401a1e 4972 402ac1 17 API calls 4971->4972 4973 401a27 ExpandEnvironmentStringsA 4972->4973 4974 401a3b 4973->4974 4975 401a4e 4973->4975 4974->4975 4976 401a40 lstrcmpA 4974->4976 4976->4975 5671 40171f 5672 402ac1 17 API calls 5671->5672 5673 401726 SearchPathA 5672->5673 5674 401741 5673->5674 5682 100010e0 5686 1000110e 5682->5686 5683 100011c4 GlobalFree 5684 100012ad 2 API calls 5684->5686 5685 100011c3 5685->5683 5686->5683 5686->5684 5686->5685 5687 10001155 GlobalAlloc 5686->5687 5688 100011ea GlobalFree 5686->5688 5689 10001266 2 API calls 5686->5689 5690 100012d1 lstrcpyA 5686->5690 5691 100011b1 GlobalFree 5686->5691 5687->5686 5688->5686 5689->5691 5690->5686 5691->5686 5692 10002162 5693 100021f6 5692->5693 5694 100021c0 5692->5694 5694->5693 5695 100021d2 GlobalAlloc 5694->5695 5695->5694 4123 401e25 4124 402a9f 17 API calls 4123->4124 4125 401e2b 4124->4125 4126 402a9f 17 API calls 4125->4126 4127 401e37 4126->4127 4128 401e43 ShowWindow 4127->4128 4129 401e4e EnableWindow 4127->4129 4130 402951 4128->4130 4129->4130 5696 401f2b 5697 402ac1 17 API calls 5696->5697 5698 401f32 5697->5698 5699 406232 2 API calls 5698->5699 5700 401f38 
5699->5700 5701 401f4a 5700->5701 5703 405e8d wsprintfA 5700->5703 5703->5701 5704 40292c SendMessageA 5705 402951 5704->5705 5706 402946 InvalidateRect 5704->5706 5706->5705 5714 4047b1 5715 4047c1 5714->5715 5716 4047dd 5714->5716 5725 40562f GetDlgItemTextA 5715->5725 5718 404810 5716->5718 5719 4047e3 SHGetPathFromIDListA 5716->5719 5721 4047f3 5719->5721 5724 4047fa SendMessageA 5719->5724 5720 4047ce SendMessageA 5720->5716 5723 40140b 2 API calls 5721->5723 5723->5724 5724->5718 5725->5720 4236 401932 4237 401934 4236->4237 4238 402ac1 17 API calls 4237->4238 4239 401939 4238->4239 4242 4056f7 4239->4242 4282 4059b5 4242->4282 4245 405736 4247 405864 4245->4247 4296 405f2f lstrcpynA 4245->4296 4246 40571f DeleteFileA 4250 401942 4246->4250 4247->4250 4314 406232 FindFirstFileA 4247->4314 4249 40575c 4251 405762 lstrcatA 4249->4251 4252 40576f 4249->4252 4253 405775 4251->4253 4297 40590e lstrlenA 4252->4297 4256 405783 lstrcatA 4253->4256 4258 40578e lstrlenA FindFirstFileA 4253->4258 4256->4258 4258->4247 4265 4057b2 4258->4265 4259 40588c 4317 4058c7 lstrlenA CharPrevA 4259->4317 4261 4058f2 CharNextA 4261->4265 4263 4056af 5 API calls 4264 40589e 4263->4264 4266 4058a2 4264->4266 4267 4058b8 4264->4267 4265->4261 4270 405843 FindNextFileA 4265->4270 4279 405804 4265->4279 4301 405f2f lstrcpynA 4265->4301 4266->4250 4271 405056 24 API calls 4266->4271 4269 405056 24 API calls 4267->4269 4269->4250 4270->4265 4272 40585b FindClose 4270->4272 4273 4058af 4271->4273 4272->4247 4274 405d0e 36 API calls 4273->4274 4277 4058b6 4274->4277 4276 4056f7 60 API calls 4276->4279 4277->4250 4278 405056 24 API calls 4278->4270 4279->4270 4279->4276 4279->4278 4280 405056 24 API calls 4279->4280 4302 4056af 4279->4302 4310 405d0e MoveFileExA 4279->4310 4280->4279 4320 405f2f lstrcpynA 4282->4320 4284 4059c6 4321 405960 CharNextA CharNextA 4284->4321 4287 405717 4287->4245 4287->4246 4288 406199 5 API calls 4294 4059dc 4288->4294 4289 405a07 lstrlenA 4290 405a12 
4289->4290 4289->4294 4291 4058c7 3 API calls 4290->4291 4293 405a17 GetFileAttributesA 4291->4293 4292 406232 2 API calls 4292->4294 4293->4287 4294->4287 4294->4289 4294->4292 4295 40590e 2 API calls 4294->4295 4295->4289 4296->4249 4298 40591b 4297->4298 4299 405920 CharPrevA 4298->4299 4300 40592c 4298->4300 4299->4298 4299->4300 4300->4253 4301->4265 4327 405aa3 GetFileAttributesA 4302->4327 4305 4056dc 4305->4279 4306 4056d2 DeleteFileA 4308 4056d8 4306->4308 4307 4056ca RemoveDirectoryA 4307->4308 4308->4305 4309 4056e8 SetFileAttributesA 4308->4309 4309->4305 4311 405d2f 4310->4311 4312 405d22 4310->4312 4311->4279 4330 405b9e 4312->4330 4315 405888 4314->4315 4316 406248 FindClose 4314->4316 4315->4250 4315->4259 4316->4315 4318 4058e1 lstrcatA 4317->4318 4319 405892 4317->4319 4318->4319 4319->4263 4320->4284 4322 40597b 4321->4322 4326 40598b 4321->4326 4324 405986 CharNextA 4322->4324 4322->4326 4323 4059ab 4323->4287 4323->4288 4324->4323 4325 4058f2 CharNextA 4325->4326 4326->4323 4326->4325 4328 4056bb 4327->4328 4329 405ab5 SetFileAttributesA 4327->4329 4328->4305 4328->4306 4328->4307 4329->4328 4331 405bc4 4330->4331 4332 405bea GetShortPathNameA 4330->4332 4357 405ac8 GetFileAttributesA CreateFileA 4331->4357 4334 405d09 4332->4334 4335 405bff 4332->4335 4334->4311 4335->4334 4337 405c07 wsprintfA 4335->4337 4336 405bce CloseHandle GetShortPathNameA 4336->4334 4338 405be2 4336->4338 4339 405f51 17 API calls 4337->4339 4338->4332 4338->4334 4340 405c2f 4339->4340 4358 405ac8 GetFileAttributesA CreateFileA 4340->4358 4342 405c3c 4342->4334 4343 405c4b GetFileSize GlobalAlloc 4342->4343 4344 405d02 CloseHandle 4343->4344 4345 405c6d 4343->4345 4344->4334 4346 405b40 ReadFile 4345->4346 4347 405c75 4346->4347 4347->4344 4359 405a2d lstrlenA 4347->4359 4350 405ca0 4352 405a2d 4 API calls 4350->4352 4351 405c8c lstrcpyA 4353 405cae 4351->4353 4352->4353 4354 405ce5 SetFilePointer 4353->4354 4355 405b6f WriteFile 4354->4355 4356 405cfb GlobalFree 
4355->4356 4356->4344 4357->4336 4358->4342 4360 405a6e lstrlenA 4359->4360 4361 405a47 lstrcmpiA 4360->4361 4363 405a76 4360->4363 4362 405a65 CharNextA 4361->4362 4361->4363 4362->4360 4363->4350 4363->4351 5726 4026b4 5727 4026ba 5726->5727 5728 402951 5727->5728 5729 4026c2 FindClose 5727->5729 5729->5728 5730 402736 5731 402ac1 17 API calls 5730->5731 5732 402744 5731->5732 5733 40275a 5732->5733 5734 402ac1 17 API calls 5732->5734 5735 405aa3 2 API calls 5733->5735 5734->5733 5736 402760 5735->5736 5758 405ac8 GetFileAttributesA CreateFileA 5736->5758 5738 40276d 5739 402816 5738->5739 5740 402779 GlobalAlloc 5738->5740 5743 402831 5739->5743 5744 40281e DeleteFileA 5739->5744 5741 402792 5740->5741 5742 40280d CloseHandle 5740->5742 5759 403173 SetFilePointer 5741->5759 5742->5739 5744->5743 5746 402798 5747 40315d ReadFile 5746->5747 5748 4027a1 GlobalAlloc 5747->5748 5749 4027b1 5748->5749 5750 4027eb 5748->5750 5752 402f81 35 API calls 5749->5752 5751 405b6f WriteFile 5750->5751 5753 4027f7 GlobalFree 5751->5753 5757 4027be 5752->5757 5754 402f81 35 API calls 5753->5754 5756 40280a 5754->5756 5755 4027e2 GlobalFree 5755->5750 5756->5742 5757->5755 5758->5738 5759->5746 5760 402837 5761 402a9f 17 API calls 5760->5761 5762 40283d 5761->5762 5763 402865 5762->5763 5764 40287c 5762->5764 5770 402716 5762->5770 5765 402879 5763->5765 5766 40286a 5763->5766 5767 402896 5764->5767 5768 402886 5764->5768 5775 405e8d wsprintfA 5765->5775 5774 405f2f lstrcpynA 5766->5774 5769 405f51 17 API calls 5767->5769 5771 402a9f 17 API calls 5768->5771 5769->5770 5771->5770 5774->5770 5775->5770 5776 4014b7 5777 4014bd 5776->5777 5778 401389 2 API calls 5777->5778 5779 4014c5 5778->5779 5780 404139 5781 40414f 5780->5781 5786 40425b 5780->5786 5784 403ff0 18 API calls 5781->5784 5782 4042ca 5783 404394 5782->5783 5785 4042d4 GetDlgItem 5782->5785 5792 404057 8 API calls 5783->5792 5787 4041a5 5784->5787 5788 404352 5785->5788 5789 4042ea 5785->5789 5786->5782 5786->5783 5790 
40429f GetDlgItem SendMessageA 5786->5790 5791 403ff0 18 API calls 5787->5791 5788->5783 5793 404364 5788->5793 5789->5788 5797 404310 SendMessageA LoadCursorA SetCursor 5789->5797 5813 404012 EnableWindow 5790->5813 5795 4041b2 CheckDlgButton 5791->5795 5796 40438f 5792->5796 5798 40436a SendMessageA 5793->5798 5799 40437b 5793->5799 5811 404012 EnableWindow 5795->5811 5814 4043dd 5797->5814 5798->5799 5799->5796 5803 404381 SendMessageA 5799->5803 5800 4042c5 5804 4043b9 SendMessageA 5800->5804 5803->5796 5804->5782 5805 4041d0 GetDlgItem 5812 404025 SendMessageA 5805->5812 5808 4041e6 SendMessageA 5809 404204 GetSysColor 5808->5809 5810 40420d SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 5808->5810 5809->5810 5810->5796 5811->5805 5812->5808 5813->5800 5817 405611 ShellExecuteExA 5814->5817 5816 404343 LoadCursorA SetCursor 5816->5788 5817->5816 5818 401b39 5819 402ac1 17 API calls 5818->5819 5820 401b40 5819->5820 5821 402a9f 17 API calls 5820->5821 5822 401b49 wsprintfA 5821->5822 5823 402951 5822->5823 4433 40233a 4434 402ac1 17 API calls 4433->4434 4435 40234b 4434->4435 4436 402ac1 17 API calls 4435->4436 4437 402354 4436->4437 4438 402ac1 17 API calls 4437->4438 4439 40235e GetPrivateProfileStringA 4438->4439 4504 4015bb 4505 402ac1 17 API calls 4504->4505 4506 4015c2 4505->4506 4507 405960 4 API calls 4506->4507 4519 4015ca 4507->4519 4508 401624 4510 401652 4508->4510 4511 401629 4508->4511 4509 4058f2 CharNextA 4509->4519 4514 401423 24 API calls 4510->4514 4531 401423 4511->4531 4520 40164a 4514->4520 4518 40163b SetCurrentDirectoryA 4518->4520 4519->4508 4519->4509 4521 40160c GetFileAttributesA 4519->4521 4523 4055b6 4519->4523 4526 40551c CreateDirectoryA 4519->4526 4535 405599 CreateDirectoryA 4519->4535 4521->4519 4524 4062c7 5 API calls 4523->4524 4525 4055bd 4524->4525 4525->4519 4527 405569 4526->4527 4528 40556d GetLastError 4526->4528 4527->4519 4528->4527 4529 40557c SetFileSecurityA 4528->4529 4529->4527 4530 405592 
GetLastError 4529->4530 4530->4527 4532 405056 24 API calls 4531->4532 4533 401431 4532->4533 4534 405f2f lstrcpynA 4533->4534 4534->4518 4536 4055ad GetLastError 4535->4536 4537 4055a9 4535->4537 4536->4537 4537->4519 4538 4031bb SetErrorMode GetVersion 4539 4031fc 4538->4539 4540 403202 4538->4540 4541 4062c7 5 API calls 4539->4541 4542 406259 3 API calls 4540->4542 4541->4540 4543 403218 lstrlenA 4542->4543 4543->4540 4544 403227 4543->4544 4545 4062c7 5 API calls 4544->4545 4546 40322e 4545->4546 4547 4062c7 5 API calls 4546->4547 4548 403235 4547->4548 4549 4062c7 5 API calls 4548->4549 4550 403241 #17 OleInitialize SHGetFileInfoA 4549->4550 4629 405f2f lstrcpynA 4550->4629 4553 40328d GetCommandLineA 4630 405f2f lstrcpynA 4553->4630 4555 40329f GetModuleHandleA 4556 4032b6 4555->4556 4557 4058f2 CharNextA 4556->4557 4558 4032ca CharNextA 4557->4558 4566 4032da 4558->4566 4559 4033a4 4560 4033b7 GetTempPathA 4559->4560 4631 40318a 4560->4631 4562 4033cf 4563 4033d3 GetWindowsDirectoryA lstrcatA 4562->4563 4564 403429 DeleteFileA 4562->4564 4567 40318a 12 API calls 4563->4567 4641 402d48 GetTickCount GetModuleFileNameA 4564->4641 4565 4058f2 CharNextA 4565->4566 4566->4559 4566->4565 4571 4033a6 4566->4571 4570 4033ef 4567->4570 4569 40343d 4577 4058f2 CharNextA 4569->4577 4580 4034d3 4569->4580 4612 4034c3 4569->4612 4570->4564 4573 4033f3 GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 4570->4573 4726 405f2f lstrcpynA 4571->4726 4575 40318a 12 API calls 4573->4575 4579 403421 4575->4579 4581 403458 4577->4581 4579->4564 4579->4580 4729 4036a5 4580->4729 4588 403503 4581->4588 4589 40349e 4581->4589 4582 40360b 4585 403613 GetCurrentProcess OpenProcessToken 4582->4585 4586 40368d ExitProcess 4582->4586 4583 4034ed 4584 40564b MessageBoxIndirectA 4583->4584 4590 4034fb ExitProcess 4584->4590 4591 40365e 4585->4591 4592 40362e LookupPrivilegeValueA AdjustTokenPrivileges 4585->4592 4594 4055b6 5 API calls 4588->4594 4593 4059b5 18 API calls 
4589->4593 4595 4062c7 5 API calls 4591->4595 4592->4591 4597 4034a9 4593->4597 4598 403508 lstrcatA 4594->4598 4596 403665 4595->4596 4599 40367a ExitWindowsEx 4596->4599 4602 403686 4596->4602 4597->4580 4727 405f2f lstrcpynA 4597->4727 4600 403524 lstrcatA lstrcmpiA 4598->4600 4601 403519 lstrcatA 4598->4601 4599->4586 4599->4602 4600->4580 4604 403540 4600->4604 4601->4600 4738 40140b 4602->4738 4605 403545 4604->4605 4606 40354c 4604->4606 4609 40551c 4 API calls 4605->4609 4610 405599 2 API calls 4606->4610 4608 4034b8 4728 405f2f lstrcpynA 4608->4728 4613 40354a 4609->4613 4614 403551 SetCurrentDirectoryA 4610->4614 4669 40377f 4612->4669 4613->4614 4615 403560 4614->4615 4616 40356b 4614->4616 4736 405f2f lstrcpynA 4615->4736 4737 405f2f lstrcpynA 4616->4737 4619 405f51 17 API calls 4620 4035aa DeleteFileA 4619->4620 4621 4035b7 CopyFileA 4620->4621 4626 403579 4620->4626 4621->4626 4622 4035ff 4624 405d0e 36 API calls 4622->4624 4623 405d0e 36 API calls 4623->4626 4624->4580 4625 405f51 17 API calls 4625->4626 4626->4619 4626->4622 4626->4623 4626->4625 4627 4055ce 2 API calls 4626->4627 4628 4035eb CloseHandle 4626->4628 4627->4626 4628->4626 4629->4553 4630->4555 4632 406199 5 API calls 4631->4632 4634 403196 4632->4634 4633 4031a0 4633->4562 4634->4633 4635 4058c7 3 API calls 4634->4635 4636 4031a8 4635->4636 4637 405599 2 API calls 4636->4637 4638 4031ae 4637->4638 4639 405af7 2 API calls 4638->4639 4640 4031b9 4639->4640 4640->4562 4741 405ac8 GetFileAttributesA CreateFileA 4641->4741 4643 402d88 4644 402d98 4643->4644 4742 405f2f lstrcpynA 4643->4742 4644->4569 4646 402dae 4647 40590e 2 API calls 4646->4647 4648 402db4 4647->4648 4743 405f2f lstrcpynA 4648->4743 4650 402dbf GetFileSize 4665 402ebb 4650->4665 4668 402dd6 4650->4668 4652 402ec4 4652->4644 4654 402ef4 GlobalAlloc 4652->4654 4756 403173 SetFilePointer 4652->4756 4653 40315d ReadFile 4653->4668 4755 403173 SetFilePointer 4654->4755 4656 402f27 4660 402ce4 6 API calls 4656->4660 4658 

                                      Control-flow Graph (graph not rendered; entry block 4031bb-4031fa: SetErrorMode, GetVersion)
                                      APIs
                                      • SetErrorMode.KERNELBASE ref: 004031E0
                                      • GetVersion.KERNEL32 ref: 004031E6
                                      • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403219
                                      • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403255
                                      • OleInitialize.OLE32(00000000), ref: 0040325C
                                      • SHGetFileInfoA.SHELL32(0041ECC8,00000000,?,00000160,00000000,?,00000006,00000008,0000000A), ref: 00403278
                                      • GetCommandLineA.KERNEL32(00422F00,NSIS Error,?,00000006,00000008,0000000A), ref: 0040328D
                                      • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\rTransferenciarealizada451236.exe",00000000,?,00000006,00000008,0000000A), ref: 004032A0
                                      • CharNextA.USER32(00000000,"C:\Users\user\Desktop\rTransferenciarealizada451236.exe",00000020,?,00000006,00000008,0000000A), ref: 004032CB
                                      • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000006,00000008,0000000A), ref: 004033C8
                                      • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 004033D9
                                      • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004033E5
                                      • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004033F9
                                      • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 00403401
                                      • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 00403412
                                      • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 0040341A
                                      • DeleteFileA.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 0040342E
                                        • Part of subcall function 004062C7: GetModuleHandleA.KERNEL32(?,?,?,0040322E,0000000A), ref: 004062D9
                                        • Part of subcall function 004062C7: GetProcAddress.KERNEL32(00000000,?), ref: 004062F4
                                        • Part of subcall function 00405F2F: lstrcpynA.KERNEL32(?,?,00000400,0040328D,00422F00,NSIS Error,?,00000006,00000008,0000000A), ref: 00405F3C
                                        • Part of subcall function 0040377F: lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\entomostraca\nonmissionary,1033,0041FD08,80000001,Control Panel\Desktop\ResourceLocale,00000000,0041FD08,00000000,00000002,74DF3410), ref: 0040386F
                                        • Part of subcall function 0040377F: lstrcmpiA.KERNEL32(?,.exe), ref: 00403882
                                        • Part of subcall function 0040377F: GetFileAttributesA.KERNEL32(Call), ref: 0040388D
                                        • Part of subcall function 0040377F: LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\entomostraca\nonmissionary), ref: 004038D6
                                        • Part of subcall function 0040377F: RegisterClassA.USER32(00422EA0), ref: 00403913
                                        • Part of subcall function 004036A5: CloseHandle.KERNEL32(000002D0,004034DC,?,?,00000006,00000008,0000000A), ref: 004036B0
                                      • OleUninitialize.OLE32(?,?,00000006,00000008,0000000A), ref: 004034DC
                                      • ExitProcess.KERNEL32 ref: 004034FD
                                      • GetCurrentProcess.KERNEL32(00000028,?,00000006,00000008,0000000A), ref: 0040361A
                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00403621
                                      • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403639
                                      • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403658
                                      • ExitWindowsEx.USER32(00000002,80040002), ref: 0040367C
                                      • ExitProcess.KERNEL32 ref: 0040369F
                                        • Part of subcall function 0040564B: MessageBoxIndirectA.USER32(00409218), ref: 004056A6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2676685996.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676720020.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676863024.0000000000443000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: Process$ExitFileHandle$EnvironmentModulePathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCloseCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpilstrcpyn
                                      • String ID: "$"C:\Users\user\Desktop\rTransferenciarealizada451236.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\rTransferenciarealizada451236.exe$C:\Users\user\entomostraca\nonmissionary$C:\Users\user\entomostraca\nonmissionary$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$`Kt$~nsu
                                      • API String ID: 3855923921-2902041478
                                      • Opcode ID: 41a2d84af2d5407adc1c32c5249e47afef491bae6f079a6a4bd1fd594076673a
                                      • Instruction ID: af4360d81dc256b8c9424dc56f1358f7fe08c6a718ebf40f6c8df5272bc15683
                                      • Opcode Fuzzy Hash: 41a2d84af2d5407adc1c32c5249e47afef491bae6f079a6a4bd1fd594076673a
                                      • Instruction Fuzzy Hash: 14C1F5706086427AE7217F719D49B2B3EACEB85306F04457FF541B62E2C77C9A058B2E

                                      Control-flow Graph (graph not rendered; entry block 402d48-402d96: GetTickCount, GetModuleFileNameA, call 405ac8)
                                      APIs
                                      • GetTickCount.KERNEL32 ref: 00402D59
                                      • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\rTransferenciarealizada451236.exe,00000400), ref: 00402D75
                                        • Part of subcall function 00405AC8: GetFileAttributesA.KERNELBASE(?,00402D88,C:\Users\user\Desktop\rTransferenciarealizada451236.exe,80000000,?), ref: 00405ACC
                                        • Part of subcall function 00405AC8: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405AEE
                                      • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\rTransferenciarealizada451236.exe,C:\Users\user\Desktop\rTransferenciarealizada451236.exe,80000000,?), ref: 00402DC1
                                      Strings
                                      • soft, xrefs: 00402E36
                                      • Null, xrefs: 00402E3F
                                      • Inst, xrefs: 00402E2D
                                      • "C:\Users\user\Desktop\rTransferenciarealizada451236.exe", xrefs: 00402D48
                                      • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402F20
                                      • C:\Users\user\Desktop\rTransferenciarealizada451236.exe, xrefs: 00402D5F, 00402D6E, 00402D82, 00402DA2
                                      • C:\Users\user\Desktop, xrefs: 00402DA3, 00402DA8, 00402DAE
                                      • Error launching installer, xrefs: 00402D98
                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00402D4F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: File$AttributesCountCreateModuleNameSizeTick
                                      • String ID: "C:\Users\user\Desktop\rTransferenciarealizada451236.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\rTransferenciarealizada451236.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                      • API String ID: 4283519449-808794392
                                      • Opcode ID: 9cf78e836df077268a8f392ddbbc0cddc733458901816a9142e16d675eec763f
                                      • Instruction ID: ef8309496f7f1060f742aea9483ad6a943d4cc908664d4bedc23fec409a9c2f2
                                      • Opcode Fuzzy Hash: 9cf78e836df077268a8f392ddbbc0cddc733458901816a9142e16d675eec763f
                                      • Instruction Fuzzy Hash: F251D5B1A40215ABDF209F65DE89B9E7AB8FB04355F10413BE900B62D1C7BC9E418B9D
                                      APIs
                                        • Part of subcall function 10001215: GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                      • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 10001B67
                                      • lstrcpyA.KERNEL32(00000008,?), ref: 10001BAF
                                      • lstrcpyA.KERNEL32(00000408,?), ref: 10001BB9
                                      • GlobalFree.KERNEL32(00000000), ref: 10001BCC
                                      • GlobalFree.KERNEL32(?), ref: 10001CC4
                                      • GlobalFree.KERNEL32(?), ref: 10001CC9
                                      • GlobalFree.KERNEL32(?), ref: 10001CCE
                                      • GlobalFree.KERNEL32(00000000), ref: 10001E76
                                      • lstrcpyA.KERNEL32(?,?), ref: 10001FCA
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2681703375.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000000.00000002.2681669982.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                      • Associated: 00000000.00000002.2681728208.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                      • Associated: 00000000.00000002.2681751281.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_10000000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: Global$Free$lstrcpy$Alloc
                                      • String ID:
                                      • API String ID: 4227406936-0
                                      • Opcode ID: 4cb5dc2aea9cf7ab25a3b1e4be44dc9197e12157622a09bbe3f88e709afef852
                                      • Instruction ID: 780798ea066e4ece118e8e5fed0bf18c828ec290136deaf2e43fc5d0554b8685
                                      • Opcode Fuzzy Hash: 4cb5dc2aea9cf7ab25a3b1e4be44dc9197e12157622a09bbe3f88e709afef852
                                      • Instruction Fuzzy Hash: 17129971D0424ADFFB20CFA4C8847EEBBF4FB043C4F61852AD5A1A2199DB749A81CB51

                                      Control-flow Graph (graph not rendered; entry block 4056f7-40571d: call 4059b5)
                                      APIs
                                      • DeleteFileA.KERNELBASE(?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405720
                                      • lstrcatA.KERNEL32(00420D10,\*.*,00420D10,?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405768
                                      • lstrcatA.KERNEL32(?,00409014,?,00420D10,?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405789
                                      • lstrlenA.KERNEL32(?,?,00409014,?,00420D10,?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040578F
                                      • FindFirstFileA.KERNELBASE(00420D10,?,?,?,00409014,?,00420D10,?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004057A0
                                      • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 0040584D
                                      • FindClose.KERNEL32(00000000), ref: 0040585E
                                      Strings
                                      • "C:\Users\user\Desktop\rTransferenciarealizada451236.exe", xrefs: 004056F7
                                      • \*.*, xrefs: 00405762
                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405704
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                      • String ID: "C:\Users\user\Desktop\rTransferenciarealizada451236.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                      • API String ID: 2035342205-3414181654
                                      • Opcode ID: e000b3a5de225f2f8b08f8ac0f3545d1e84fc9896e5a7d05d742c6501ffd0423
                                      • Instruction ID: 5202cdaf7196988d1da3935d2d892696f3640e5f60657e92f8c59f35d89726bd
                                      • Opcode Fuzzy Hash: e000b3a5de225f2f8b08f8ac0f3545d1e84fc9896e5a7d05d742c6501ffd0423
                                      • Instruction Fuzzy Hash: 02519F32800A04BADB217B618C45BAF7B78DF42754F14847BF851761D2D73C8A92DEAE
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 32e752b298fae306bc4e8e2fa827520659811e589a0f8e200775ab13b43d47c9
                                      • Instruction ID: 82117b2ed1b037f842d7e8ec4a077ce5a2ba4b06f200654bc1e2ca7552b06de8
                                      • Opcode Fuzzy Hash: 32e752b298fae306bc4e8e2fa827520659811e589a0f8e200775ab13b43d47c9
                                      • Instruction Fuzzy Hash: BCF16474D00229CBDF28CFA8C8946ADBBB1FF44305F25856ED856BB281D7385A96CF44
                                      APIs
                                      • FindFirstFileA.KERNELBASE(74DF3410,00421558,Esophagostenosis199.Dok14,004059F8,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,00000000,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,74DF3410,?,C:\Users\user\AppData\Local\Temp\,00405717,?,74DF3410,C:\Users\user\AppData\Local\Temp\), ref: 0040623D
                                      • FindClose.KERNELBASE(00000000), ref: 00406249
                                      Strings
                                      • Esophagostenosis199.Dok14, xrefs: 00406232
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: Find$CloseFileFirst
                                      • String ID: Esophagostenosis199.Dok14
                                      • API String ID: 2295610775-3722586252
                                      • Opcode ID: fb61142ecab510d9bb051178c92cda44e9a3fae507c1338c77e1024ce068b834
                                      • Instruction ID: 7cf403c7a0a34fa6c1bdd97e039e734b9fb45dc45bcdba9fead32da54c1b9644
                                      • Opcode Fuzzy Hash: fb61142ecab510d9bb051178c92cda44e9a3fae507c1338c77e1024ce068b834
                                      • Instruction Fuzzy Hash: 19D0C9329090206BC3106628AC0C84B6A599B953717118A76B56AF12E0D238986286A9

                                      Control-flow Graph

                                      control_flow_graph 134 40377f-403797 call 4062c7 137 403799-4037a9 call 405e8d 134->137 138 4037ab-4037dc call 405e16 134->138 146 4037ff-403828 call 403a44 call 4059b5 137->146 142 4037f4-4037fa lstrcatA 138->142 143 4037de-4037ef call 405e16 138->143 142->146 143->142 152 40382e-403833 146->152 153 4038af-4038b7 call 4059b5 146->153 152->153 154 403835-403859 call 405e16 152->154 159 4038c5-4038ea LoadImageA 153->159 160 4038b9-4038c0 call 405f51 153->160 154->153 164 40385b-40385d 154->164 162 40396b-403973 call 40140b 159->162 163 4038ec-40391c RegisterClassA 159->163 160->159 177 403975-403978 162->177 178 40397d-403988 call 403a44 162->178 165 403922-403966 SystemParametersInfoA CreateWindowExA 163->165 166 403a3a 163->166 168 40386e-40387a lstrlenA 164->168 169 40385f-40386c call 4058f2 164->169 165->162 171 403a3c-403a43 166->171 172 4038a2-4038aa call 4058c7 call 405f2f 168->172 173 40387c-40388a lstrcmpiA 168->173 169->168 172->153 173->172 176 40388c-403896 GetFileAttributesA 173->176 180 403898-40389a 176->180 181 40389c-40389d call 40590e 176->181 177->171 187 403a11-403a19 call 405128 178->187 188 40398e-4039a8 ShowWindow call 406259 178->188 180->172 180->181 181->172 193 403a33-403a35 call 40140b 187->193 194 403a1b-403a21 187->194 195 4039b4-4039c6 GetClassInfoA 188->195 196 4039aa-4039af call 406259 188->196 193->166 194->177 199 403a27-403a2e call 40140b 194->199 197 4039c8-4039d8 GetClassInfoA RegisterClassA 195->197 198 4039de-403a0f DialogBoxParamA call 40140b call 4036cf 195->198 196->195 197->198 198->171 199->177
                                      APIs
                                        • Part of subcall function 004062C7: GetModuleHandleA.KERNEL32(?,?,?,0040322E,0000000A), ref: 004062D9
                                        • Part of subcall function 004062C7: GetProcAddress.KERNEL32(00000000,?), ref: 004062F4
                                      • lstrcatA.KERNEL32(1033,0041FD08,80000001,Control Panel\Desktop\ResourceLocale,00000000,0041FD08,00000000,00000002,74DF3410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\rTransferenciarealizada451236.exe",00000000), ref: 004037FA
                                      • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\entomostraca\nonmissionary,1033,0041FD08,80000001,Control Panel\Desktop\ResourceLocale,00000000,0041FD08,00000000,00000002,74DF3410), ref: 0040386F
                                      • lstrcmpiA.KERNEL32(?,.exe), ref: 00403882
                                      • GetFileAttributesA.KERNEL32(Call), ref: 0040388D
                                      • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\entomostraca\nonmissionary), ref: 004038D6
                                        • Part of subcall function 00405E8D: wsprintfA.USER32 ref: 00405E9A
                                      • RegisterClassA.USER32(00422EA0), ref: 00403913
                                      • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0040392B
                                      • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403960
                                      • ShowWindow.USER32(00000005,00000000), ref: 00403996
                                      • GetClassInfoA.USER32(00000000,RichEdit20A,00422EA0), ref: 004039C2
                                      • GetClassInfoA.USER32(00000000,RichEdit,00422EA0), ref: 004039CF
                                      • RegisterClassA.USER32(00422EA0), ref: 004039D8
                                      • DialogBoxParamA.USER32(?,00000000,00403B1C,00000000), ref: 004039F7
                                      Similarity
                                      • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                      • String ID: "C:\Users\user\Desktop\rTransferenciarealizada451236.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\entomostraca\nonmissionary$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                      • API String ID: 1975747703-3916250390
                                      • Opcode ID: 0f0f9529c3c60786d72211f980a5a8b1144e6e1ba4f9bbe45dc6703203a272d1
                                      • Instruction ID: d12dedd32edb2aff813830401e41f02ecd086126c72271397d80de36ce2b18ee
                                      • Opcode Fuzzy Hash: 0f0f9529c3c60786d72211f980a5a8b1144e6e1ba4f9bbe45dc6703203a272d1
                                      • Instruction Fuzzy Hash: 1E61C6B1744240BEE620BF669D45F373AACEB84759F40447EF940B22E2D77C9D029A2D

                                      Control-flow Graph

                                      control_flow_graph 475 405f51-405f5c 476 405f5e-405f6d 475->476 477 405f6f-405f85 475->477 476->477 478 406176-40617a 477->478 479 405f8b-405f96 477->479 480 406180-40618a 478->480 481 405fa8-405fb2 478->481 479->478 482 405f9c-405fa3 479->482 484 406195-406196 480->484 485 40618c-406190 call 405f2f 480->485 481->480 483 405fb8-405fbf 481->483 482->478 486 405fc5-405ff9 483->486 487 406169 483->487 485->484 489 406116-406119 486->489 490 405fff-406009 486->490 491 406173-406175 487->491 492 40616b-406171 487->492 495 406149-40614c 489->495 496 40611b-40611e 489->496 493 406023 490->493 494 40600b-40600f 490->494 491->478 492->478 500 40602a-406031 493->500 494->493 497 406011-406015 494->497 501 40615a-406167 lstrlenA 495->501 502 40614e-406155 call 405f51 495->502 498 406120-40612c call 405e8d 496->498 499 40612e-40613a call 405f2f 496->499 497->493 504 406017-40601b 497->504 513 40613f-406145 498->513 499->513 506 406033-406035 500->506 507 406036-406038 500->507 501->478 502->501 504->493 509 40601d-406021 504->509 506->507 511 406071-406074 507->511 512 40603a-406055 call 405e16 507->512 509->500 514 406084-406087 511->514 515 406076-406082 GetSystemDirectoryA 511->515 521 40605a-40605d 512->521 513->501 517 406147 513->517 519 4060f4-4060f6 514->519 520 406089-406097 GetWindowsDirectoryA 514->520 518 4060f8-4060fb 515->518 522 40610e-406114 call 406199 517->522 518->522 523 4060fd-406101 518->523 519->518 525 406099-4060a3 519->525 520->519 521->523 526 406063-40606c call 405f51 521->526 522->501 523->522 528 406103-406109 lstrcatA 523->528 530 4060a5-4060a8 525->530 531 4060bd-4060d3 SHGetSpecialFolderLocation 525->531 526->518 528->522 530->531 533 4060aa-4060b1 530->533 534 4060f1 531->534 535 4060d5-4060ef SHGetPathFromIDListA CoTaskMemFree 531->535 536 4060b9-4060bb 533->536 534->519 535->518 535->534 536->518 536->531
                                      APIs
                                      • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 0040607C
                                      • GetWindowsDirectoryA.KERNEL32(Call,00000400,?,0041F4E8,00000000,0040508E,0041F4E8,00000000), ref: 0040608F
                                      • SHGetSpecialFolderLocation.SHELL32(0040508E,00000000,?,0041F4E8,00000000,0040508E,0041F4E8,00000000), ref: 004060CB
                                      • SHGetPathFromIDListA.SHELL32(00000000,Call), ref: 004060D9
                                      • CoTaskMemFree.OLE32(00000000), ref: 004060E5
                                      • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406109
                                      • lstrlenA.KERNEL32(Call,?,0041F4E8,00000000,0040508E,0041F4E8,00000000,00000000,0040E8C0,00000000), ref: 0040615B
                                      Similarity
                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                      • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                      • API String ID: 717251189-1230650788
                                      • Opcode ID: 4b83501bff14d3d4afc94545923638de13eab7723713207b83caa633bdf47479
                                      • Instruction ID: ad9c483c4d11e0ac1e74b91e3c17e9742ad78b5bc63621c1ce792900c2eda604
                                      • Opcode Fuzzy Hash: 4b83501bff14d3d4afc94545923638de13eab7723713207b83caa633bdf47479
                                      • Instruction Fuzzy Hash: 5361D0B1A00115ABDF209F64CD81BBA7BB4DB45304F15813FEA03BA2D2D27C4962DB5E

                                      Control-flow Graph

                                      control_flow_graph 606 401759-40177c call 402ac1 call 405934 611 401786-401798 call 405f2f call 4058c7 lstrcatA 606->611 612 40177e-401784 call 405f2f 606->612 617 40179d-4017a3 call 406199 611->617 612->617 622 4017a8-4017ac 617->622 623 4017ae-4017b8 call 406232 622->623 624 4017df-4017e2 622->624 631 4017ca-4017dc 623->631 632 4017ba-4017c8 CompareFileTime 623->632 626 4017e4-4017e5 call 405aa3 624->626 627 4017ea-401806 call 405ac8 624->627 626->627 634 401808-40180b 627->634 635 40187e-4018a7 call 405056 call 402f81 627->635 631->624 632->631 637 401860-40186a call 405056 634->637 638 40180d-40184f call 405f2f * 2 call 405f51 call 405f2f call 40564b 634->638 648 4018a9-4018ad 635->648 649 4018af-4018bb SetFileTime 635->649 650 401873-401879 637->650 638->622 669 401855-401856 638->669 648->649 652 4018c1-4018cc CloseHandle 648->652 649->652 653 40295a 650->653 655 402951-402954 652->655 656 4018d2-4018d5 652->656 657 40295c-402960 653->657 655->653 659 4018d7-4018e8 call 405f51 lstrcatA 656->659 660 4018ea-4018ed call 405f51 656->660 666 4018f2-4022e6 call 40564b 659->666 660->666 666->657 669->650 671 401858-401859 669->671 671->637
                                      APIs
                                      • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\entomostraca\nonmissionary,00000000,00000000,00000031), ref: 00401798
                                      • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\entomostraca\nonmissionary,00000000,00000000,00000031), ref: 004017C2
                                        • Part of subcall function 00405F2F: lstrcpynA.KERNEL32(?,?,00000400,0040328D,00422F00,NSIS Error,?,00000006,00000008,0000000A), ref: 00405F3C
                                        • Part of subcall function 00405056: lstrlenA.KERNEL32(0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030B1,00000000,?), ref: 0040508F
                                        • Part of subcall function 00405056: lstrlenA.KERNEL32(004030B1,0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030B1,00000000), ref: 0040509F
                                        • Part of subcall function 00405056: lstrcatA.KERNEL32(0041F4E8,004030B1,004030B1,0041F4E8,00000000,0040E8C0,00000000), ref: 004050B2
                                        • Part of subcall function 00405056: SetWindowTextA.USER32(0041F4E8,0041F4E8), ref: 004050C4
                                        • Part of subcall function 00405056: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050EA
                                        • Part of subcall function 00405056: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405104
                                        • Part of subcall function 00405056: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405112
                                      Similarity
                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                      • String ID: C:\Users\user\AppData\Local\Temp\nso93F1.tmp$C:\Users\user\AppData\Local\Temp\nso93F1.tmp\System.dll$C:\Users\user\entomostraca\nonmissionary$Call
                                      • API String ID: 1941528284-790460646
                                      • Opcode ID: b7839a92209b7c6b3c8202a481ff6992844c1a0f6516a3d4c6bbc740c4310d88
                                      • Instruction ID: 5e97bff851cc073dc2a03fd3a0d2357d8c44b4856d4f0a7a75adeada814ade30
                                      • Opcode Fuzzy Hash: b7839a92209b7c6b3c8202a481ff6992844c1a0f6516a3d4c6bbc740c4310d88
                                      • Instruction Fuzzy Hash: 7A41E771A10516BACF107BA5DC86DAF3A78DF45369B20823BF525F11E1C63C8A418E6D

                                      Control-flow Graph

                                      control_flow_graph 673 40551c-405567 CreateDirectoryA 674 405569-40556b 673->674 675 40556d-40557a GetLastError 673->675 676 405594-405596 674->676 675->676 677 40557c-405590 SetFileSecurityA 675->677 677->674 678 405592 GetLastError 677->678 678->676
                                      APIs
                                      • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040555F
                                      • GetLastError.KERNEL32 ref: 00405573
                                      • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405588
                                      • GetLastError.KERNEL32 ref: 00405592
                                      Similarity
                                      • API ID: ErrorLast$CreateDirectoryFileSecurity
                                      • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$ds@$ts@
                                      • API String ID: 3449924974-3946084282
                                      • Opcode ID: 96d3186a9d907c4a04f4d560a3e7b71f397f10da171c1ba48397c58d76b22fd5
                                      • Instruction ID: 8a370a5fbdfdad71dc8e0bfd81c54348e454926cd11c3a1ff2f48966e6f5c6f5
                                      • Opcode Fuzzy Hash: 96d3186a9d907c4a04f4d560a3e7b71f397f10da171c1ba48397c58d76b22fd5
                                      • Instruction Fuzzy Hash: D0010871D04259EAEF01DBA1CC447EFBBB9EB04354F00857AD904B6290E378A604CFAA

                                      Control-flow Graph

                                      APIs
                                      • GetDC.USER32(?), ref: 00401D98
                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DB2
                                      • MulDiv.KERNEL32(00000000,00000000), ref: 00401DBA
                                      • ReleaseDC.USER32(?,00000000), ref: 00401DCB
                                      • CreateFontIndirectA.GDI32(0040A7F0), ref: 00401E1A
                                      Similarity
                                      • API ID: CapsCreateDeviceFontIndirectRelease
                                      • String ID: Tahoma
                                      • API String ID: 3808545654-3580928618
                                      • Opcode ID: 5a929b086c2214fe81328bccccd3592f410a32eb723e9816faecc0aebfec5a22
                                      • Instruction ID: 962fd9b87f23d05f09829d6e62e81eb88b122f60c97e2af10dcf53a19e6500d2
                                      • Opcode Fuzzy Hash: 5a929b086c2214fe81328bccccd3592f410a32eb723e9816faecc0aebfec5a22
                                      • Instruction Fuzzy Hash: B0015272948340AFE7006BB0AE49F997FF4A715305F108479F241B62E2C67954569F3E

                                      Control-flow Graph

                                      control_flow_graph 688 406259-406279 GetSystemDirectoryA 689 40627b 688->689 690 40627d-40627f 688->690 689->690 691 406281-406289 690->691 692 40628f-406291 690->692 691->692 693 40628b-40628d 691->693 694 406292-4062c4 wsprintfA LoadLibraryExA 692->694 693->694
                                      APIs
                                      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00406270
                                      • wsprintfA.USER32 ref: 004062A9
                                      • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004062BD
                                      Similarity
                                      • API ID: DirectoryLibraryLoadSystemwsprintf
                                      • String ID: %s%s.dll$UXTHEME$\
                                      • API String ID: 2200240437-4240819195
                                      • Opcode ID: c1c6f81e5f0925475fc46656834228b64d6aad10adaabf52e6c46f27d1be3297
                                      • Instruction ID: 482dcefc063d93e198aa1db7e000bfd15e9281d4181d763578a6ff71fc22a1d9
                                      • Opcode Fuzzy Hash: c1c6f81e5f0925475fc46656834228b64d6aad10adaabf52e6c46f27d1be3297
                                      • Instruction Fuzzy Hash: EAF0F630A10109AEDF14ABA4DD0DFFB375CAB08304F1405BAB64AE11D2E678E9248B69

                                      Control-flow Graph

                                      control_flow_graph 695 402f81-402f95 696 402f97 695->696 697 402f9e-402fa6 695->697 696->697 698 402fa8 697->698 699 402fad-402fb2 697->699 698->699 700 402fc2-402fcf call 40315d 699->700 701 402fb4-402fbd call 403173 699->701 705 403114 700->705 706 402fd5-402fd9 700->706 701->700 709 403116-403117 705->709 707 4030fd-4030ff 706->707 708 402fdf-402fff GetTickCount call 4063ec 706->708 710 403101-403104 707->710 711 403148-40314c 707->711 719 403153 708->719 721 403005-40300d 708->721 713 403156-40315a 709->713 714 403106 710->714 715 403109-403112 call 40315d 710->715 716 403119-40311f 711->716 717 40314e 711->717 714->715 715->705 728 403150 715->728 722 403121 716->722 723 403124-403132 call 40315d 716->723 717->719 719->713 725 403012-403020 call 40315d 721->725 726 40300f 721->726 722->723 723->705 732 403134-403140 call 405b6f 723->732 725->705 734 403026-40302f 725->734 726->725 728->719 737 403142-403145 732->737 738 4030f9-4030fb 732->738 736 403035-403052 call 40640c 734->736 741 4030f5-4030f7 736->741 742 403058-40306f GetTickCount 736->742 737->711 738->709 741->709 743 403071-403079 742->743 744 4030b4-4030b6 742->744 745 403081-4030b1 MulDiv wsprintfA call 405056 743->745 746 40307b-40307f 743->746 747 4030b8-4030bc 744->747 748 4030e9-4030ed 744->748 745->744 746->744 746->745 750 4030d1-4030d7 747->750 751 4030be-4030c3 call 405b6f 747->751 748->721 752 4030f3 748->752 755 4030dd-4030e1 750->755 756 4030c8-4030ca 751->756 752->719 755->736 757 4030e7 755->757 756->738 758 4030cc-4030cf 756->758 757->719 758->755
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: CountTick$wsprintf
                                      • String ID: ... %d%%

                                      Control-flow Graph

                                      • Graph image not preserved; first node: 405af7-405b01
                                      APIs
                                      • GetTickCount.KERNEL32 ref: 00405B0B
                                      • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000006,00000008,0000000A), ref: 00405B25
                                      Strings
                                      • nsa, xrefs: 00405B02
                                      • "C:\Users\user\Desktop\rTransferenciarealizada451236.exe", xrefs: 00405AF7
                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405AFA
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: CountFileNameTempTick
                                      • String ID: "C:\Users\user\Desktop\rTransferenciarealizada451236.exe"$C:\Users\user\AppData\Local\Temp\$nsa

                                      Control-flow Graph

                                      • Graph image not preserved; first node: 100016bd-100016f9
                                      APIs
                                        • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC4
                                        • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC9
                                        • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CCE
                                      • GlobalFree.KERNEL32(00000000), ref: 10001768
                                      • FreeLibrary.KERNEL32(?), ref: 100017DF
                                      • GlobalFree.KERNEL32(00000000), ref: 10001804
                                        • Part of subcall function 100021B0: GlobalAlloc.KERNEL32(00000040,7D8BEC45), ref: 100021E2
                                        • Part of subcall function 10002587: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,10001739,00000000), ref: 100025F9
                                        • Part of subcall function 10001559: lstrcpyA.KERNEL32(00000000,?,00000000,10001695,00000000), ref: 10001572
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2681703375.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                      Similarity
                                      • API ID: Global$Free$Alloc$Librarylstrcpy
                                      • String ID:

                                      Control-flow Graph

                                      • Graph image not preserved; first node: 401c04-401c24
                                      APIs
                                      • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C74
                                      • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C8C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: MessageSend$Timeout
                                      • String ID: !

                                      Control-flow Graph

                                      • Graph image not preserved; first node: 4023d0-4023f7
                                      APIs
                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nso93F1.tmp,00000023,00000011,00000002), ref: 0040241B
                                      • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nso93F1.tmp,00000000,00000011,00000002), ref: 00402458
                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nso93F1.tmp,00000000,00000011,00000002), ref: 0040253C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: CloseValuelstrlen
                                      • String ID: C:\Users\user\AppData\Local\Temp\nso93F1.tmp

                                      Control-flow Graph

                                      • Graph image not preserved; first node: 4059b5-4059d0
                                      APIs
                                        • Part of subcall function 00405F2F: lstrcpynA.KERNEL32(?,?,00000400,0040328D,00422F00,NSIS Error,?,00000006,00000008,0000000A), ref: 00405F3C
                                        • Part of subcall function 00405960: CharNextA.USER32(?,?,Esophagostenosis199.Dok14,?,004059CC,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,74DF3410,?,C:\Users\user\AppData\Local\Temp\,00405717,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040596E
                                        • Part of subcall function 00405960: CharNextA.USER32(00000000), ref: 00405973
                                        • Part of subcall function 00405960: CharNextA.USER32(00000000), ref: 00405987
                                      • lstrlenA.KERNEL32(Esophagostenosis199.Dok14,00000000,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,74DF3410,?,C:\Users\user\AppData\Local\Temp\,00405717,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A08
                                      • GetFileAttributesA.KERNELBASE(Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,00000000,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,74DF3410,?,C:\Users\user\AppData\Local\Temp\,00405717,?,74DF3410,C:\Users\user\AppData\Local\Temp\), ref: 00405A18
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                      • String ID: C:\Users\user\AppData\Local\Temp\$Esophagostenosis199.Dok14
                                      APIs
                                      • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00402028
                                        • Part of subcall function 00405056: lstrlenA.KERNEL32(0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030B1,00000000,?), ref: 0040508F
                                        • Part of subcall function 00405056: lstrlenA.KERNEL32(004030B1,0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030B1,00000000), ref: 0040509F
                                        • Part of subcall function 00405056: lstrcatA.KERNEL32(0041F4E8,004030B1,004030B1,0041F4E8,00000000,0040E8C0,00000000), ref: 004050B2
                                        • Part of subcall function 00405056: SetWindowTextA.USER32(0041F4E8,0041F4E8), ref: 004050C4
                                        • Part of subcall function 00405056: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050EA
                                        • Part of subcall function 00405056: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405104
                                        • Part of subcall function 00405056: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405112
                                      • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402038
                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00402048
                                      • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 004020B2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                      • String ID:
                                      APIs
                                        • Part of subcall function 00405960: CharNextA.USER32(?,?,Esophagostenosis199.Dok14,?,004059CC,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,74DF3410,?,C:\Users\user\AppData\Local\Temp\,00405717,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040596E
                                        • Part of subcall function 00405960: CharNextA.USER32(00000000), ref: 00405973
                                        • Part of subcall function 00405960: CharNextA.USER32(00000000), ref: 00405987
                                      • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                        • Part of subcall function 0040551C: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040555F
                                      • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\entomostraca\nonmissionary,00000000,00000000,000000F0), ref: 0040163C
                                      Strings
                                      • C:\Users\user\entomostraca\nonmissionary, xrefs: 00401631
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                      • String ID: C:\Users\user\entomostraca\nonmissionary
                                      APIs
                                      • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,00000400,Call,0041F4E8,?,?,?,00000002,Call,?,0040605A,80000002), ref: 00405E5C
                                      • RegCloseKey.KERNELBASE(?,?,0040605A,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,?,0041F4E8), ref: 00405E67
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: CloseQueryValue
                                      • String ID: Call
                                      APIs
                                      • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00421510,Error launching installer), ref: 004055F7
                                      • CloseHandle.KERNEL32(?), ref: 00405604
                                      Strings
                                      • Error launching installer, xrefs: 004055E1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: CloseCreateHandleProcess
                                      • String ID: Error launching installer
                                      APIs
                                      • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402511
                                      • RegEnumValueA.ADVAPI32(00000000,00000000,?,?), ref: 00402524
                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nso93F1.tmp,00000000,00000011,00000002), ref: 0040253C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: Enum$CloseValue
                                      • String ID:
                                      APIs
                                      • VirtualAllocEx.KERNELBASE(00000000), ref: 100028A3
                                      • GetLastError.KERNEL32 ref: 100029AA
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2681703375.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000000.00000002.2681669982.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                      • Associated: 00000000.00000002.2681728208.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                      • Associated: 00000000.00000002.2681751281.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                      Similarity
                                      • API ID: AllocErrorLastVirtual
                                      • String ID:
                                      APIs
                                      • RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 0040249D
                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nso93F1.tmp,00000000,00000011,00000002), ref: 0040253C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: CloseQueryValue
                                      • String ID:
                                      APIs
                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                      • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: MessageSend
                                      • String ID:
                                      • API String ID: 3850602802-0
                                      APIs
                                      • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 0040239C
                                      • RegCloseKey.ADVAPI32(00000000), ref: 004023A5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: CloseDeleteValue
                                      • String ID:
                                      • API String ID: 2831762973-0
                                      APIs
                                      • ExpandEnvironmentStringsA.KERNELBASE(00000000,?,00000400,00000001), ref: 00401A31
                                      • lstrcmpA.KERNEL32(?,?,?,00000400,00000001), ref: 00401A44
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: EnvironmentExpandStringslstrcmp
                                      • String ID:
                                      • API String ID: 1938659011-0
                                      APIs
                                      • ShowWindow.USER32(00000000,00000000), ref: 00401E43
                                      • EnableWindow.USER32(00000000,00000000), ref: 00401E4E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: Window$EnableShow
                                      • String ID:
                                      • API String ID: 1136574915-0
                                      APIs
                                      • GetModuleHandleA.KERNEL32(?,?,?,0040322E,0000000A), ref: 004062D9
                                      • GetProcAddress.KERNEL32(00000000,?), ref: 004062F4
                                        • Part of subcall function 00406259: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00406270
                                        • Part of subcall function 00406259: wsprintfA.USER32 ref: 004062A9
                                        • Part of subcall function 00406259: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004062BD
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                      • String ID:
                                      • API String ID: 2547128583-0
                                      APIs
                                      • GetFileAttributesA.KERNELBASE(?,00402D88,C:\Users\user\Desktop\rTransferenciarealizada451236.exe,80000000,?), ref: 00405ACC
                                      • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405AEE
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: File$AttributesCreate
                                      • String ID:
                                      • API String ID: 415043291-0
                                      APIs
                                      • CreateDirectoryA.KERNELBASE(?,00000000,004031AE,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033CF,?,00000006,00000008,0000000A), ref: 0040559F
                                      • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 004055AD
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: CreateDirectoryErrorLast
                                      • String ID:
                                      • API String ID: 1375471231-0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: wsprintf
                                      • String ID:
                                      • API String ID: 2111968516-0
                                      APIs
                                      • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004026A0
                                        • Part of subcall function 00405E8D: wsprintfA.USER32 ref: 00405E9A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: FilePointerwsprintf
                                      • String ID:
                                      • API String ID: 327478801-0
                                      APIs
                                      • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 0040232F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: PrivateProfileStringWrite
                                      • String ID:
                                      • API String ID: 390214022-0
                                      APIs
                                      • RegCreateKeyExA.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402B72,00000000,?,?), ref: 00405E0C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0
                                      APIs
                                      • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403170,00000000,00000000,00402FCD,000000FF,00000004,00000000,00000000,00000000), ref: 00405B54
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2676685996.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676720020.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676863024.0000000000443000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: FileRead
                                      • String ID:
                                      • API String ID: 2738559852-0
                                      • Opcode ID: 1302354f14da4ac18fdfad316f10263800e98e90a47707ba9ec6b51f8bbd6d6c
                                      • Instruction ID: 4179e0c76098f610a2fd9102cb0c328980851925f4446f1dd22fc868df860445
                                      • Opcode Fuzzy Hash: 1302354f14da4ac18fdfad316f10263800e98e90a47707ba9ec6b51f8bbd6d6c
                                      • Instruction Fuzzy Hash: 8CE0EC32A1425EABDF109E659C00EEB7BBCEB05760F048432FD15E3150D235F921DBA9
                                      APIs
                                      • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,00000020,?,0040313E,00000000,0040A8C0,00000020,0040A8C0,00000020,000000FF,00000004,00000000), ref: 00405B83
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: FileWrite
                                      • String ID:
                                      • API String ID: 3934441357-0
                                      • Opcode ID: c136fe23a15198738cdde8d9ae5bd390bad499becbb6fab094427491a2b8e812
                                      • Instruction ID: af6d97e9b78343fe008ce3e7999d984a763d513ea29e4df05d500f045cbeb3ca
                                      • Opcode Fuzzy Hash: c136fe23a15198738cdde8d9ae5bd390bad499becbb6fab094427491a2b8e812
                                      • Instruction Fuzzy Hash: B2E0EC3262425AABDF509E559C00AEB7BACEB05360F008436FD15E2151D635F8219FA5
                                      APIs
                                      • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 10002727
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2681703375.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000000.00000002.2681669982.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                      • Associated: 00000000.00000002.2681728208.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                      • Associated: 00000000.00000002.2681751281.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_10000000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID:
                                      • API String ID: 544645111-0
                                      • Opcode ID: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
                                      • Instruction ID: e09dfa788fffc30199ef0a9f627684cb70e95bce5f527532b7ad3e980fb418b3
                                      • Opcode Fuzzy Hash: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
                                      • Instruction Fuzzy Hash: 67F09BF19092A0DEF360DF688CC47063FE4E3983D5B03852AE358F6269EB7441448B19
                                      APIs
                                      • GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 0040236D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: PrivateProfileString
                                      • String ID:
                                      • API String ID: 1096422788-0
                                      • Opcode ID: 87ca484cdc6c73c1e829813bfd27d2dcf7183703ec879ee6fec4fd922c601bed
                                      • Instruction ID: 67da2805f158e0035f602913fcdc533986be1668159f44229c4ea465ce316489
                                      • Opcode Fuzzy Hash: 87ca484cdc6c73c1e829813bfd27d2dcf7183703ec879ee6fec4fd922c601bed
                                      • Instruction Fuzzy Hash: FCE08634F44204BADF10AFA19D49EAD3678AF41710F14403AFD547B0E2EAB844419B2D
                                      APIs
                                      • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,?,?,0041F4E8,?,?,00405E43,0041F4E8,?,?,?,00000002,Call), ref: 00405DD9
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: Open
                                      • String ID:
                                      • API String ID: 71445658-0
                                      • Opcode ID: 688c0e3dac6200a4dcf5f70578aed2939ff3afbafb421f65443b8838c7a2b092
                                      • Instruction ID: 1bb1e450acb1cec7aaebab1a7e88d6b79e3e17733f6ed9cfc6e3f6d6de5b0954
                                      • Opcode Fuzzy Hash: 688c0e3dac6200a4dcf5f70578aed2939ff3afbafb421f65443b8838c7a2b092
                                      • Instruction Fuzzy Hash: D9D0123214024EBBDF115F909C05FAB3B2DEF04314F108827FE06A4090D375D530AB65
                                      APIs
                                      • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A8
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: AttributesFile
                                      • String ID:
                                      • API String ID: 3188754299-0
                                      • Opcode ID: 9ad3368f28842b63240b43095d0b068e3f646c1f23794f7f91dbfbeff94efc4c
                                      • Instruction ID: e41715f0e6a8bf2c44c365c92f64d23a332030a9f95fc047605520203e95b8fc
                                      • Opcode Fuzzy Hash: 9ad3368f28842b63240b43095d0b068e3f646c1f23794f7f91dbfbeff94efc4c
                                      • Instruction Fuzzy Hash: 9BD012B6708111ABCB10DFA8AA4869D77A49B40325B308137D515F21D0E2B9C9456719
                                      APIs
                                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402F0F,?), ref: 00403181
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: FilePointer
                                      • String ID:
                                      • API String ID: 973152223-0
                                      • Opcode ID: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                      • Instruction ID: 49fdcfdf8b1973cd13611e97ba0bfafd8618b6cb304eeeee9131019f9f046fb0
                                      • Opcode Fuzzy Hash: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                      • Instruction Fuzzy Hash: 03B01271644200BFDA214F00DF05F057B21A790700F10C030B748380F082712420EB4D
                                      APIs
                                        • Part of subcall function 00405056: lstrlenA.KERNEL32(0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030B1,00000000,?), ref: 0040508F
                                        • Part of subcall function 00405056: lstrlenA.KERNEL32(004030B1,0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030B1,00000000), ref: 0040509F
                                        • Part of subcall function 00405056: lstrcatA.KERNEL32(0041F4E8,004030B1,004030B1,0041F4E8,00000000,0040E8C0,00000000), ref: 004050B2
                                        • Part of subcall function 00405056: SetWindowTextA.USER32(0041F4E8,0041F4E8), ref: 004050C4
                                        • Part of subcall function 00405056: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050EA
                                        • Part of subcall function 00405056: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405104
                                        • Part of subcall function 00405056: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405112
                                        • Part of subcall function 004055CE: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00421510,Error launching installer), ref: 004055F7
                                        • Part of subcall function 004055CE: CloseHandle.KERNEL32(?), ref: 00405604
                                      • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401F20
                                        • Part of subcall function 0040633C: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040634D
                                        • Part of subcall function 0040633C: GetExitCodeProcess.KERNEL32(?,?), ref: 0040636F
                                        • Part of subcall function 00405E8D: wsprintfA.USER32 ref: 00405E9A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                      • String ID:
                                      • API String ID: 2972824698-0
                                      • Opcode ID: b0a501a9eafe77c97c2c496f47c0dc6ba7aad14b3677605ff562daff4fba8fe6
                                      • Instruction ID: 17f7953f0d5b7b21d2e535c202f5bbb1bf051249d0315c8d96c64ca666d5043c
                                      • Opcode Fuzzy Hash: b0a501a9eafe77c97c2c496f47c0dc6ba7aad14b3677605ff562daff4fba8fe6
                                      • Instruction Fuzzy Hash: FCF0BB71A05121ABCB20BF654D495EF66A4DF81314B10057BFA01B21D1C77C4E4146BE
                                      APIs
                                      • Sleep.KERNELBASE(00000000), ref: 004014E9
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: Sleep
                                      • String ID:
                                      • API String ID: 3472027048-0
                                      • Opcode ID: 2d2ea165d73d518d9fd4fb0fa82b75b10d4384c3dbeee5eca3b70bc2a4399788
                                      • Instruction ID: f8516b803037c027809a6aaf5c02566bfb38bc0bc56e6af3c2ac612a391889ec
                                      • Opcode Fuzzy Hash: 2d2ea165d73d518d9fd4fb0fa82b75b10d4384c3dbeee5eca3b70bc2a4399788
                                      • Instruction Fuzzy Hash: BFD05EB3B14151AFDB14EBB9BD8845E77F4E7503153208837E812E2091E978C9424A28
                                      APIs
                                      • GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2681703375.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_10000000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: AllocGlobal
                                      • String ID:
                                      • API String ID: 3761449716-0
                                      • Opcode ID: 6989041179a6ec659f8410a82a3610e1053cc9f4ca9d652552d89decbf4b4a90
                                      • Instruction ID: 35b308b173d9b0532f6cde55f5bface33093279d7ce3c78a2cc6db588f634b90
                                      • Opcode Fuzzy Hash: 6989041179a6ec659f8410a82a3610e1053cc9f4ca9d652552d89decbf4b4a90
                                      • Instruction Fuzzy Hash: 6CA002B1945620DBFE429BE08D9EF1B3B25E748781F01C040E315641BCCA754010DF39
                                      APIs
                                      • GetDlgItem.USER32(?,000003F9), ref: 004049EB
                                      • GetDlgItem.USER32(?,00000408), ref: 004049F6
                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A40
                                      • LoadBitmapA.USER32(0000006E), ref: 00404A53
                                      • SetWindowLongA.USER32(?,000000FC,00404FCA), ref: 00404A6C
                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A80
                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404A92
                                      • SendMessageA.USER32(?,00001109,00000002), ref: 00404AA8
                                      • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404AB4
                                      • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404AC6
                                      • DeleteObject.GDI32(00000000), ref: 00404AC9
                                      • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404AF4
                                      • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404B00
                                      • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404B95
                                      • SendMessageA.USER32(?,0000110A,?,00000000), ref: 00404BC0
                                      • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404BD4
                                      • GetWindowLongA.USER32(?,000000F0), ref: 00404C03
                                      • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404C11
                                      • ShowWindow.USER32(?,00000005), ref: 00404C22
                                      • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404D1F
                                      • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404D84
                                      • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404D99
                                      • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404DBD
                                      • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404DDD
                                      • ImageList_Destroy.COMCTL32(?), ref: 00404DF2
                                      • GlobalFree.KERNEL32(?), ref: 00404E02
                                      • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404E7B
                                      • SendMessageA.USER32(?,00001102,?,?), ref: 00404F24
                                      • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404F33
                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F53
                                      • ShowWindow.USER32(?,00000000), ref: 00404FA1
                                      • GetDlgItem.USER32(?,000003FE), ref: 00404FAC
                                      • ShowWindow.USER32(00000000), ref: 00404FB3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                      • String ID: $M$N
                                      • API String ID: 1638840714-813528018
                                      • Opcode ID: 5d7cd4127e08cc7e18dc449df1c62f71d17ea125050121c4d20db61d323595a9
                                      • Instruction ID: 4638a2be7f0938753f9a717370e01017d92af631219061991dd3498ab54a35db
                                      • Opcode Fuzzy Hash: 5d7cd4127e08cc7e18dc449df1c62f71d17ea125050121c4d20db61d323595a9
                                      • Instruction Fuzzy Hash: 60027EB0900209AFEF109F54DC85AAE7BB5FB84315F10817AF615BA2E1C7789E42DF58
                                      APIs
                                      • GetDlgItem.USER32(?,00000403), ref: 004051F3
                                      • GetDlgItem.USER32(?,000003EE), ref: 00405202
                                      • GetClientRect.USER32(?,?), ref: 0040523F
                                      • GetSystemMetrics.USER32(00000002), ref: 00405246
                                      • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405267
                                      • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405278
                                      • SendMessageA.USER32(?,00001001,00000000,?), ref: 0040528B
                                      • SendMessageA.USER32(?,00001026,00000000,?), ref: 00405299
                                      • SendMessageA.USER32(?,00001024,00000000,?), ref: 004052AC
                                      • ShowWindow.USER32(00000000,?,0000001B,?), ref: 004052CE
                                      • ShowWindow.USER32(?,00000008), ref: 004052E2
                                      • GetDlgItem.USER32(?,000003EC), ref: 00405303
                                      • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405313
                                      • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040532C
                                      • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405338
                                      • GetDlgItem.USER32(?,000003F8), ref: 00405211
                                        • Part of subcall function 00404025: SendMessageA.USER32(00000028,?,00000001,00403E55), ref: 00404033
                                      • GetDlgItem.USER32(?,000003EC), ref: 00405354
                                      • CreateThread.KERNEL32(00000000,00000000,Function_00005128,00000000), ref: 00405362
                                      • CloseHandle.KERNEL32(00000000), ref: 00405369
                                      • ShowWindow.USER32(00000000), ref: 0040538C
                                      • ShowWindow.USER32(?,00000008), ref: 00405393
                                      • ShowWindow.USER32(00000008), ref: 004053D9
                                      • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040540D
                                      • CreatePopupMenu.USER32 ref: 0040541E
                                      • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405433
                                      • GetWindowRect.USER32(?,000000FF), ref: 00405453
                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040546C
                                      • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004054A8
                                      • OpenClipboard.USER32(00000000), ref: 004054B8
                                      • EmptyClipboard.USER32 ref: 004054BE
                                      • GlobalAlloc.KERNEL32(00000042,?), ref: 004054C7
                                      • GlobalLock.KERNEL32(00000000), ref: 004054D1
                                      • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004054E5
                                      • GlobalUnlock.KERNEL32(00000000), ref: 004054FE
                                      • SetClipboardData.USER32(00000001,00000000), ref: 00405509
                                      • CloseClipboard.USER32 ref: 0040550F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                      • String ID:
                                      • API String ID: 590372296-0
                                      • Opcode ID: 7ce4c4186a3c3c97c38a9d5959e83e30d411a0e44afbdab31a022d6e1ea2659f
                                      • Instruction ID: ffe0cad38c51bf677d90d52cc1be9089f0253f1d9aa70b106fb857e880bd7d9d
                                      • Opcode Fuzzy Hash: 7ce4c4186a3c3c97c38a9d5959e83e30d411a0e44afbdab31a022d6e1ea2659f
                                      • Instruction Fuzzy Hash: B5A15AB1900208BFDB119FA4DD89AAE7F79FB08355F00403AFA05B62A0C7B55E51DF69
                                      APIs
                                      • GetDlgItem.USER32(?,000003FB), ref: 004044AF
                                      • SetWindowTextA.USER32(00000000,?), ref: 004044D9
                                      • SHBrowseForFolderA.SHELL32(?,0041F0E0,?), ref: 0040458A
                                      • CoTaskMemFree.OLE32(00000000), ref: 00404595
                                      • lstrcmpiA.KERNEL32(Call,0041FD08), ref: 004045C7
                                      • lstrcatA.KERNEL32(?,Call), ref: 004045D3
                                      • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004045E5
                                        • Part of subcall function 0040562F: GetDlgItemTextA.USER32(?,?,00000400,0040461C), ref: 00405642
                                        • Part of subcall function 00406199: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\rTransferenciarealizada451236.exe",74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,00403196,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033CF,?,00000006,00000008,0000000A), ref: 004061F1
                                        • Part of subcall function 00406199: CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004061FE
                                        • Part of subcall function 00406199: CharNextA.USER32(?,"C:\Users\user\Desktop\rTransferenciarealizada451236.exe",74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,00403196,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033CF,?,00000006,00000008,0000000A), ref: 00406203
                                        • Part of subcall function 00406199: CharPrevA.USER32(?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,00403196,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033CF,?,00000006,00000008,0000000A), ref: 00406213
                                      • GetDiskFreeSpaceA.KERNEL32(0041ECD8,?,?,0000040F,?,0041ECD8,0041ECD8,?,00000001,0041ECD8,?,?,000003FB,?), ref: 004046A3
                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004046BE
                                        • Part of subcall function 00404817: lstrlenA.KERNEL32(0041FD08,0041FD08,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404732,000000DF,00000000,00000400,?), ref: 004048B5
                                        • Part of subcall function 00404817: wsprintfA.USER32 ref: 004048BD
                                        • Part of subcall function 00404817: SetDlgItemTextA.USER32(?,0041FD08), ref: 004048D0
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                      • String ID: A$C:\Users\user\entomostraca\nonmissionary$Call
                                      • API String ID: 2624150263-2359198371
                                      • Opcode ID: ef32ee5c924519dd82d117a465dafaf8dcd4de5cfa9c843c3c8ed1b6bd1752c3
                                      • Instruction ID: 5dd75e317128adb7bedb8be6abecdb1ea93c725c3d3faa56fa834c848e6f6950
                                      • Opcode Fuzzy Hash: ef32ee5c924519dd82d117a465dafaf8dcd4de5cfa9c843c3c8ed1b6bd1752c3
                                      • Instruction Fuzzy Hash: 4BA19FF1900209ABDB11AFA5CC45BAFB7B8EF85314F10843BF611B62D1DB7C99418B69
                                      APIs
                                      • CoCreateInstance.OLE32(00407408,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040214D
                                      • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021FC
                                      Strings
                                      • C:\Users\user\entomostraca\nonmissionary, xrefs: 0040218D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: ByteCharCreateInstanceMultiWide
                                      • String ID: C:\Users\user\entomostraca\nonmissionary
                                      • API String ID: 123533781-2042944658
                                      • Opcode ID: e3b45c08e4ce457a64ba278d5508bdaa5c8a437ab77814b71e65f4811fac46df
                                      • Instruction ID: 27b6dc01e21a21dcf175964b2ce54e528eb66c3f275abda499c4f6713b6e0615
                                      • Opcode Fuzzy Hash: e3b45c08e4ce457a64ba278d5508bdaa5c8a437ab77814b71e65f4811fac46df
                                      • Instruction Fuzzy Hash: 355136B5A00208BFCF10DFE4C988A9DBBB5EF48314F2045AAF915EB2D1DA799941CF54
                                      APIs
                                      • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402707
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: FileFindFirst
                                      • String ID:
                                      • API String ID: 1974802433-0
                                      • Opcode ID: 86462296798bcc5c7116dc0b8927a48604f8bac83b6720eb84ded3fe255ec0fc
                                      • Instruction ID: 8315facf8ced128c6c50566814b57074d619fda0e5ca52ae4c33e0c7423f4127
                                      • Opcode Fuzzy Hash: 86462296798bcc5c7116dc0b8927a48604f8bac83b6720eb84ded3fe255ec0fc
                                      • Instruction Fuzzy Hash: E8F0ECB2704111AFD710EB749D49AFE7778DB11324F20057BE645F20C1D6B88A45DB2A
                                      APIs
                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403B58
                                      • ShowWindow.USER32(?), ref: 00403B75
                                      • DestroyWindow.USER32 ref: 00403B89
                                      • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403BA5
                                      • GetDlgItem.USER32(?,?), ref: 00403BC6
                                      • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403BDA
                                      • IsWindowEnabled.USER32(00000000), ref: 00403BE1
                                      • GetDlgItem.USER32(?,00000001), ref: 00403C8F
                                      • GetDlgItem.USER32(?,00000002), ref: 00403C99
                                      • SetClassLongA.USER32(?,000000F2,?), ref: 00403CB3
                                      • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403D04
                                      • GetDlgItem.USER32(?,?), ref: 00403DAA
                                      • ShowWindow.USER32(00000000,?), ref: 00403DCB
                                      • EnableWindow.USER32(?,?), ref: 00403DDD
                                      • EnableWindow.USER32(?,?), ref: 00403DF8
                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403E0E
                                      • EnableMenuItem.USER32(00000000), ref: 00403E15
                                      • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403E2D
                                      • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403E40
                                      • lstrlenA.KERNEL32(0041FD08,?,0041FD08,00000000), ref: 00403E6A
                                      • SetWindowTextA.USER32(?,0041FD08), ref: 00403E79
                                      • ShowWindow.USER32(?,0000000A), ref: 00403FAD
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                      • String ID:
                                      • API String ID: 184305955-0
                                      • Opcode ID: 9cb3074a3fb103a6f3d47e7af7ff2d0ba242536aebbf1ca43321ce8251f687ac
                                      • Instruction ID: f34c7ad61b4b1b4f5354d92f7eace51acccef8372a8e2d808ca2954a926f6951
                                      • Opcode Fuzzy Hash: 9cb3074a3fb103a6f3d47e7af7ff2d0ba242536aebbf1ca43321ce8251f687ac
                                      • Instruction Fuzzy Hash: 65C1B171A04205BBDB216F61ED45E2B7E7CFB45706F40443EF601B11E1C779A942AB2E
                                      APIs
                                      • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004041C4
                                      • GetDlgItem.USER32(00000000,000003E8), ref: 004041D8
                                      • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004041F6
                                      • GetSysColor.USER32(?), ref: 00404207
                                      • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404216
                                      • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404225
                                      • lstrlenA.KERNEL32(?), ref: 00404228
                                      • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404237
                                      • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040424C
                                      • GetDlgItem.USER32(?,0000040A), ref: 004042AE
                                      • SendMessageA.USER32(00000000), ref: 004042B1
                                      • GetDlgItem.USER32(?,000003E8), ref: 004042DC
                                      • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 0040431C
                                      • LoadCursorA.USER32(00000000,00007F02), ref: 0040432B
                                      • SetCursor.USER32(00000000), ref: 00404334
                                      • LoadCursorA.USER32(00000000,00007F00), ref: 0040434A
                                      • SetCursor.USER32(00000000), ref: 0040434D
                                      • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404379
                                      • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040438D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                      • String ID: Call$N
                                      • API String ID: 3103080414-3438112850
                                      • Opcode ID: feecafc40baf01a00ddfc5a4ad2d6f47f6ba1c3b7388df2095feb28ad013f924
                                      • Instruction ID: 7162b40555158b22622c6e9d00efc6f9eaf6d98589edfbec15a783eb0e256f30
                                      • Opcode Fuzzy Hash: feecafc40baf01a00ddfc5a4ad2d6f47f6ba1c3b7388df2095feb28ad013f924
                                      • Instruction Fuzzy Hash: 4E61A4B1A40205BFDB109F61CD45F6A7B69FB84704F00803AFB05BA2D1C7B8A951CF99
                                      APIs
                                      • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                      • BeginPaint.USER32(?,?), ref: 00401047
                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                      • DeleteObject.GDI32(?), ref: 004010ED
                                      • CreateFontIndirectA.GDI32(?), ref: 00401105
                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                      • DrawTextA.USER32(00000000,00422F00,000000FF,00000010,00000820), ref: 00401156
                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                      • DeleteObject.GDI32(?), ref: 00401165
                                      • EndPaint.USER32(?,?), ref: 0040116E
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                      • String ID: F
                                      • API String ID: 941294808-1304234792
                                      • Opcode ID: 0195cc9bd3a679183555b6c9b2658d6023a39abd86bfcdd07458fb5c51006648
                                      • Instruction ID: d756f8073455ec7f94eaaa006bac723f94b68f9cc4de0a6a70f3062e944f429a
                                      • Opcode Fuzzy Hash: 0195cc9bd3a679183555b6c9b2658d6023a39abd86bfcdd07458fb5c51006648
                                      • Instruction Fuzzy Hash: 6E419B71804249AFCF058FA4CD459AFBFB9FF44310F00812AF961AA1A0C738EA50DFA5
                                      APIs
                                      • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405D2F,?,?), ref: 00405BCF
                                      • GetShortPathNameA.KERNEL32(?,00421A98,00000400), ref: 00405BD8
                                        • Part of subcall function 00405A2D: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405C88,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A3D
                                        • Part of subcall function 00405A2D: lstrlenA.KERNEL32(00000000,?,00000000,00405C88,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A6F
                                      • GetShortPathNameA.KERNEL32(?,00421E98,00000400), ref: 00405BF5
                                      • wsprintfA.USER32 ref: 00405C13
                                      • GetFileSize.KERNEL32(00000000,00000000,00421E98,C0000000,00000004,00421E98,?,?,?,?,?), ref: 00405C4E
                                      • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405C5D
                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C95
                                      • SetFilePointer.KERNEL32(004093B8,00000000,00000000,00000000,00000000,00421698,00000000,-0000000A,004093B8,00000000,[Rename],00000000,00000000,00000000), ref: 00405CEB
                                      • GlobalFree.KERNEL32(00000000), ref: 00405CFC
                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405D03
                                        • Part of subcall function 00405AC8: GetFileAttributesA.KERNELBASE(?,00402D88,C:\Users\user\Desktop\rTransferenciarealizada451236.exe,80000000,?), ref: 00405ACC
                                        • Part of subcall function 00405AC8: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405AEE
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                      • String ID: %s=%s$[Rename]
                                      • API String ID: 2171350718-1727408572
                                      • Opcode ID: fa16ef9a339b69213ae22a03f48f65898cca3967a232a53d2c4426af25c81478
                                      • Instruction ID: 318577f01edad599db78de103440226658cd26d488467381f1a5ad924793321f
                                      • Opcode Fuzzy Hash: fa16ef9a339b69213ae22a03f48f65898cca3967a232a53d2c4426af25c81478
                                      • Instruction Fuzzy Hash: DC311331605B196BD2206B65AC49F6B3A6CDF45754F14053BFA01F72D2E63CAC018EBD
                                      APIs
                                      • GlobalFree.KERNEL32(00000000), ref: 10002348
                                        • Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012CF,-1000404B,100011AB,-000000A0), ref: 10001234
                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 100022C5
                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 100022DA
                                      • GlobalAlloc.KERNEL32(00000040,00000010), ref: 100022E9
                                      • CLSIDFromString.OLE32(00000000,00000000), ref: 100022F7
                                      • GlobalFree.KERNEL32(00000000), ref: 100022FE
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2681703375.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000000.00000002.2681669982.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                      • Associated: 00000000.00000002.2681728208.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                      • Associated: 00000000.00000002.2681751281.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_10000000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                      • String ID: @Hmu
                                      • API String ID: 3730416702-887474944
                                      • Opcode ID: 0f1d2088a070cebd5915530b0a964975e4ea41447dfd67459970790859c4aece
                                      • Instruction ID: a642113aa4013a2ca06c871554e8d399cf46bf4099943ddf9e0960cc50565d32
                                      • Opcode Fuzzy Hash: 0f1d2088a070cebd5915530b0a964975e4ea41447dfd67459970790859c4aece
                                      • Instruction Fuzzy Hash: A941BCB1508311EFF320DF648C84B6AB7E8FF443D0F11892AF946D61A9DB34AA40CB61
                                      APIs
                                      • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\rTransferenciarealizada451236.exe",74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,00403196,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033CF,?,00000006,00000008,0000000A), ref: 004061F1
                                      • CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004061FE
                                      • CharNextA.USER32(?,"C:\Users\user\Desktop\rTransferenciarealizada451236.exe",74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,00403196,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033CF,?,00000006,00000008,0000000A), ref: 00406203
                                      • CharPrevA.USER32(?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,00403196,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033CF,?,00000006,00000008,0000000A), ref: 00406213
                                      Strings
                                      • "C:\Users\user\Desktop\rTransferenciarealizada451236.exe", xrefs: 004061D5
                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 0040619A
                                      • *?|<>/":, xrefs: 004061E1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: Char$Next$Prev
                                      • String ID: "C:\Users\user\Desktop\rTransferenciarealizada451236.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                      • API String ID: 589700163-3812289101
                                      • Opcode ID: cc2015c7b969e01208aad92a9e3b8c758494e26085fc8624e700c096258e22ae
                                      • Instruction ID: ca9b47fb282156c43c251839f6001ffd27a0cb8481c2ab4f175210ee2844123a
                                      • Opcode Fuzzy Hash: cc2015c7b969e01208aad92a9e3b8c758494e26085fc8624e700c096258e22ae
                                      • Instruction Fuzzy Hash: 0911046180839169FB3216244C44B7B7F898F5B760F1A44BFE8D6722C3C67C5C62866E
                                      APIs
                                      • GetWindowLongA.USER32(?,000000EB), ref: 00404074
                                      • GetSysColor.USER32(00000000), ref: 00404090
                                      • SetTextColor.GDI32(?,00000000), ref: 0040409C
                                      • SetBkMode.GDI32(?,?), ref: 004040A8
                                      • GetSysColor.USER32(?), ref: 004040BB
                                      • SetBkColor.GDI32(?,?), ref: 004040CB
                                      • DeleteObject.GDI32(?), ref: 004040E5
                                      • CreateBrushIndirect.GDI32(?), ref: 004040EF
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                      • String ID:
                                      • API String ID: 2320649405-0
                                      • Opcode ID: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
                                      • Instruction ID: becbdb48d67c78dbb8c9c091cdbe424430cb8bef044b76b3398d9101d9dbd489
                                      • Opcode Fuzzy Hash: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
                                      • Instruction Fuzzy Hash: 86215071904704ABCB219F68DD48B4BBBF8AF41714B048A29EA96B26E0C734E904CB65
                                      APIs
                                        • Part of subcall function 10001215: GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                      • GlobalFree.KERNEL32(?), ref: 100024B3
                                      • GlobalFree.KERNEL32(00000000), ref: 100024ED
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2681703375.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_10000000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: Global$Free$Alloc
                                      • String ID:
                                      • API String ID: 1780285237-0
                                      • Opcode ID: 9b8f7426cd7417a05f7efaca6ab9ef20acf91f7aea9c9defdea317c740d0f0ba
                                      • Instruction ID: c0db1d51d0d8beb2da32add46ec64f24e8f484468aa98c5ce89375ba0c102a5a
                                      • Opcode Fuzzy Hash: 9b8f7426cd7417a05f7efaca6ab9ef20acf91f7aea9c9defdea317c740d0f0ba
                                      • Instruction Fuzzy Hash: 0831A9B1504211EFF322DB94CCC4C2B7BBDEB853D4B118929FA4193228CB31AC94DB62
                                      APIs
                                      • lstrlenA.KERNEL32(0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030B1,00000000,?), ref: 0040508F
                                      • lstrlenA.KERNEL32(004030B1,0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030B1,00000000), ref: 0040509F
                                      • lstrcatA.KERNEL32(0041F4E8,004030B1,004030B1,0041F4E8,00000000,0040E8C0,00000000), ref: 004050B2
                                      • SetWindowTextA.USER32(0041F4E8,0041F4E8), ref: 004050C4
                                      • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050EA
                                      • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405104
                                      • SendMessageA.USER32(?,00001013,?,00000000), ref: 00405112
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                      • String ID:
                                      • API String ID: 2531174081-0
                                      • Opcode ID: 7a30fd5aa95a704ddc080644221cac8ba995af417aa6bdfbb55c98406b985727
                                      • Instruction ID: e673b9bb112aa3472437e231988a5d641118b75a6dbc9ddacfe4bdcedf5bb5e7
                                      • Opcode Fuzzy Hash: 7a30fd5aa95a704ddc080644221cac8ba995af417aa6bdfbb55c98406b985727
                                      • Instruction Fuzzy Hash: 49217A71A00508BBDF11DFA5DD80ADFBFA9EB08354F14807AF944A6291C2788A41CFA8
                                      APIs
                                      • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040493C
                                      • GetMessagePos.USER32 ref: 00404944
                                      • ScreenToClient.USER32(?,?), ref: 0040495E
                                      • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404970
                                      • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404996
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: Message$Send$ClientScreen
                                      • String ID: f
                                      • API String ID: 41195575-1993550816
                                      • Opcode ID: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
                                      • Instruction ID: 39a8229da7402e88b879503ea9069683dc6a956defdeaab739565ccd09fe5115
                                      • Opcode Fuzzy Hash: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
                                      • Instruction Fuzzy Hash: F3014071D00219BADB01DBA4DC85FFFBBBCAF55711F10412BBA11B61C0D7B869058BA5
                                      APIs
                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C7C
                                      • MulDiv.KERNEL32(000DE395,00000064,000DF7A8), ref: 00402CA7
                                      • wsprintfA.USER32 ref: 00402CB7
                                      • SetWindowTextA.USER32(?,?), ref: 00402CC7
                                      • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402CD9
                                      Strings
                                      • verifying installer: %d%%, xrefs: 00402CB1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: Text$ItemTimerWindowwsprintf
                                      • String ID: verifying installer: %d%%
                                      • API String ID: 1451636040-82062127
                                      • Opcode ID: 8cc8d962d8a99aef7830ba12bdb56859a6c3448b551b59a443d52a8a404c13af
                                      • Instruction ID: 60d807589532a1750165d7633efe1ba379d0dd74474c58c1bab17da8cefdfa8e
                                      • Opcode Fuzzy Hash: 8cc8d962d8a99aef7830ba12bdb56859a6c3448b551b59a443d52a8a404c13af
                                      • Instruction Fuzzy Hash: DA011271944209FBEF209F60DD09EEE37A9EB04304F008039FA06B92D0D7B99995CF59
                                      APIs
                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040278A
                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 004027A6
                                      • GlobalFree.KERNEL32(?), ref: 004027E5
                                      • GlobalFree.KERNEL32(00000000), ref: 004027F8
                                      • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402810
                                      • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402824
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: Global$AllocFree$CloseDeleteFileHandle
                                      • String ID:
                                      • API String ID: 2667972263-0
                                      • Opcode ID: 3fc906cc5814f1f80ca93e9dadef5c7fad5cafe1ef7802143d47ec90486de439
                                      • Instruction ID: 6a21e90f7c3239ff032d316014871365707a2127fc9d4c87d4a28567e6836d84
                                      • Opcode Fuzzy Hash: 3fc906cc5814f1f80ca93e9dadef5c7fad5cafe1ef7802143d47ec90486de439
                                      • Instruction Fuzzy Hash: 9B21C071C00124BBCF216FA5DD89DAE7B79EF05364F14423AF914762E0C6784D008FA8
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2681703375.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_10000000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: FreeGlobal
                                      • String ID:
                                      • API String ID: 2979337801-0
                                      APIs
                                      • GetDlgItem.USER32(?), ref: 00401D3F
                                      • GetClientRect.USER32(00000000,?), ref: 00401D4C
                                      • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D6D
                                      • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D7B
                                      • DeleteObject.GDI32(00000000), ref: 00401D8A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                      • String ID:
                                      • API String ID: 1849352358-0
                                      APIs
                                      • lstrlenA.KERNEL32(0041FD08,0041FD08,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404732,000000DF,00000000,00000400,?), ref: 004048B5
                                      • wsprintfA.USER32 ref: 004048BD
                                      • SetDlgItemTextA.USER32(?,0041FD08), ref: 004048D0
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: ItemTextlstrlenwsprintf
                                      • String ID: %u.%u%s%s
                                      • API String ID: 3540041739-3551169577
                                      APIs
                                      • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004031A8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033CF,?,00000006,00000008,0000000A), ref: 004058CD
                                      • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004031A8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033CF,?,00000006,00000008,0000000A), ref: 004058D6
                                      • lstrcatA.KERNEL32(?,00409014,?,00000006,00000008,0000000A), ref: 004058E7
                                      Strings
                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004058C7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: CharPrevlstrcatlstrlen
                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                      • API String ID: 2659869361-3081826266
                                      APIs
                                      • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402C19
                                      • RegCloseKey.ADVAPI32(?), ref: 00402C22
                                      • RegCloseKey.ADVAPI32(?), ref: 00402C43
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: Close$Enum
                                      • String ID:
                                      • API String ID: 464197530-0
                                      APIs
                                      • CharNextA.USER32(?,?,Esophagostenosis199.Dok14,?,004059CC,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,74DF3410,?,C:\Users\user\AppData\Local\Temp\,00405717,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040596E
                                      • CharNextA.USER32(00000000), ref: 00405973
                                      • CharNextA.USER32(00000000), ref: 00405987
                                      Strings
                                      • Esophagostenosis199.Dok14, xrefs: 00405961
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: CharNext
                                      • String ID: Esophagostenosis199.Dok14
                                      • API String ID: 3213498283-3722586252
                                      APIs
                                      • DestroyWindow.USER32(00000000,00000000,00402EC4,00000001), ref: 00402CF7
                                      • GetTickCount.KERNEL32 ref: 00402D15
                                      • CreateDialogParamA.USER32(0000006F,00000000,00402C61,00000000), ref: 00402D32
                                      • ShowWindow.USER32(00000000,00000005), ref: 00402D40
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: Window$CountCreateDestroyDialogParamShowTick
                                      • String ID:
                                      • API String ID: 2102729457-0
                                      APIs
                                      • IsWindowVisible.USER32(?), ref: 00404FF9
                                      • CallWindowProcA.USER32(?,?,?,?), ref: 0040504A
                                        • Part of subcall function 0040403C: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 0040404E
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: Window$CallMessageProcSendVisible
                                      • String ID:
                                      • API String ID: 3748168415-3916222277
                                      APIs
                                      • FreeLibrary.KERNEL32(?,74DF3410,00000000,C:\Users\user\AppData\Local\Temp\,004036C2,004034DC,?,?,00000006,00000008,0000000A), ref: 00403704
                                      • GlobalFree.KERNEL32(006078A0), ref: 0040370B
                                      Strings
                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004036EA
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: Free$GlobalLibrary
                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                      • API String ID: 1100898210-3081826266
                                      APIs
                                      • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402DB4,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\rTransferenciarealizada451236.exe,C:\Users\user\Desktop\rTransferenciarealizada451236.exe,80000000,?), ref: 00405914
                                      • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402DB4,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\rTransferenciarealizada451236.exe,C:\Users\user\Desktop\rTransferenciarealizada451236.exe,80000000,?), ref: 00405922
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      Similarity
                                      • API ID: CharPrevlstrlen
                                      • String ID: C:\Users\user\Desktop
                                      • API String ID: 2709904686-224404859
                                      APIs
                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 1000115B
                                      • GlobalFree.KERNEL32(00000000), ref: 100011B4
                                      • GlobalFree.KERNEL32(?), ref: 100011C7
                                      • GlobalFree.KERNEL32(?), ref: 100011F5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2681703375.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                      Similarity
                                      • API ID: Global$Free$Alloc
                                      • String ID:
                                      • API String ID: 1780285237-0
                                      APIs
                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405C88,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A3D
                                      • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405A55
                                      • CharNextA.USER32(00000000,?,00000000,00405C88,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A66
                                      • lstrlenA.KERNEL32(00000000,?,00000000,00405C88,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A6F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2676703118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2676685996.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676720020.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676738220.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2676863024.0000000000443000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: lstrlen$CharNextlstrcmpi
                                      • String ID:
                                      • API String ID: 190613189-0
                                      • Opcode ID: 57b21f4120e00b08a3941e9ed4e610408d9ca53935617fe6296070accebd3829
                                      • Instruction ID: 6224e523b18aba5be362eaca93d7d04149ef311f73b073555fcbd801f46ec3cb
                                      • Opcode Fuzzy Hash: 57b21f4120e00b08a3941e9ed4e610408d9ca53935617fe6296070accebd3829
                                      • Instruction Fuzzy Hash: 68F0C232604458AFC712DBA4CC40D9EBBA8EF46350B2541A5E800F7251D234EE019FA9

                                      Execution Graph

                                      Execution Coverage:0%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:100%
                                      Total number of Nodes:1
                                      Total number of Limit Nodes:0
                                      execution_graph 77311 33b32df0 LdrInitializeThunk

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 0 33b32df0-33b32dfc LdrInitializeThunk
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 4d0257531c1319b18f4615b0ae36a77c1eabc82735706a5804a697dc0936f908
                                      • Instruction ID: a0b0fb94958cd40330e7a7bb8dbb8ef5af70238c45fdb43a4b79ddbeb470a3ae
                                      • Opcode Fuzzy Hash: 4d0257531c1319b18f4615b0ae36a77c1eabc82735706a5804a697dc0936f908
                                      • Instruction Fuzzy Hash: 8690023120140813D11171588514707000947D0242F95C423A0428519D96978A56B225

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: $ $0
                                      • API String ID: 3446177414-3352262554
                                      • Opcode ID: 5ff46d57823f41e7011fcf01260b3ac6de1434f43fd47da0e02c2a997665e692
                                      • Instruction ID: 1e7e82169459bf13de74fcd384a0d1fef152804cde2a8ad169a236cac5159431
                                      • Opcode Fuzzy Hash: 5ff46d57823f41e7011fcf01260b3ac6de1434f43fd47da0e02c2a997665e692
                                      • Instruction Fuzzy Hash: DA32F1B5A083818FE390CF68C984B9BBBE5BF88344F04493EF59987250D775E949CB52

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                      • API String ID: 3446177414-1700792311
                                      • Opcode ID: 43a4a649508014051718fb71d9a86ff31e267e2c6de51407f821a731c4704e66
                                      • Instruction ID: 30cc57f429c5387c74ca1cc0b0c7c8534b8b28689cd50fe8bbdd767fafe7273f
                                      • Opcode Fuzzy Hash: 43a4a649508014051718fb71d9a86ff31e267e2c6de51407f821a731c4704e66
                                      • Instruction Fuzzy Hash: D3D1F279909B95DFDB01CF6CC440AADBBF1FF49304F48806AE8959BA52CB38D985CB50
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                      • API String ID: 3446177414-1745908468
                                      • Opcode ID: 95a86d54d69f15d0d24d4191f9f5c4cd7b83d165c34d0816c5df2a52a559b345
                                      • Instruction ID: 06865f8244152316933821a34dcaeddea71b1d993311a3f1ff471677a2a86302
                                      • Opcode Fuzzy Hash: 95a86d54d69f15d0d24d4191f9f5c4cd7b83d165c34d0816c5df2a52a559b345
                                      • Instruction Fuzzy Hash: 6F91EF35901755DFEB01CF68C480AD9BBF1FF09321F1881BEE894ABA61CB399881CB50
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                      • API String ID: 0-3591852110
                                      • Opcode ID: 407dd4a6599cd01a713c8b8666ae49b39fa0fcde6829a40d36ca0c29b5e7da0f
                                      • Instruction ID: 89439cc0e80823ba9bc20e4532213d1f3bba0489ac8b15c7214fef87abd56614
                                      • Opcode Fuzzy Hash: 407dd4a6599cd01a713c8b8666ae49b39fa0fcde6829a40d36ca0c29b5e7da0f
                                      • Instruction Fuzzy Hash: 4012AD74609B52EFE7558F2DC440BBABBF5FF09314F58846AE8958BA41DB34E880CB50
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                      • API String ID: 0-3532704233
                                      • Opcode ID: ca33231d7c6eef8b4f6775578d0249ab30d34d74a5bf373d73ee0f710a9d71fc
                                      • Instruction ID: e0af31cf09de0b3c0a31f9e0b1ca3d25491f750b79b9346f687bb19aab736bd0
                                      • Opcode Fuzzy Hash: ca33231d7c6eef8b4f6775578d0249ab30d34d74a5bf373d73ee0f710a9d71fc
                                      • Instruction Fuzzy Hash: CEB19AB69083559FD711CF28C880A5BBBE8EB88754F45493EF898D7240DB34D948CBA6
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                      • API String ID: 3446177414-3570731704
                                      • Opcode ID: a22efaf061c55c8bd17ed6a9deb795f91c820ea874cf1191cf549bda5216ba8a
                                      • Instruction ID: c820e81d4e5832f5b7d4ce4488b2d300f5b2d4339610bc8fe953a232d6298de8
                                      • Opcode Fuzzy Hash: a22efaf061c55c8bd17ed6a9deb795f91c820ea874cf1191cf549bda5216ba8a
                                      • Instruction Fuzzy Hash: E5922779E01369CFEB28CB18C880B99BBB5FF45354F0581EAE949A7251DB349E80CF51
                                      APIs
                                      • RtlDebugPrintTimes.NTDLL ref: 33B1D959
                                        • Part of subcall function 33AF4859: RtlDebugPrintTimes.NTDLL ref: 33AF48F7
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                      • API String ID: 3446177414-1975516107
                                      • Opcode ID: f2de21571d02597d27cfe0044992ab9dbcc276519defd8d42ef141620d568f5d
                                      • Instruction ID: 94b164b698774724dec2c95ac49d280ad3790051233443a3f986d0b1b7a5d634
                                      • Opcode Fuzzy Hash: f2de21571d02597d27cfe0044992ab9dbcc276519defd8d42ef141620d568f5d
                                      • Instruction Fuzzy Hash: FF51BC75E00359DFEB00DFA8C980BADBBF1FB48394F18416DD8506B691C7B8A956CB90
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                      • API String ID: 3446177414-3224558752
                                      • Opcode ID: 9934d7ea6e3432e9e484f67ea6e052ca36084a17c88f3ca95810d2612fca4545
                                      • Instruction ID: 0707550c0c1754c29e58607783e5fc1a2dbeec8adb173eaf2069a944f3297c0d
                                      • Opcode Fuzzy Hash: 9934d7ea6e3432e9e484f67ea6e052ca36084a17c88f3ca95810d2612fca4545
                                      • Instruction Fuzzy Hash: 57410575E01764DFE701CF28C584B6BB7F4EF053A4F144679E85197A91CB78A880CB91
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                      • API String ID: 3446177414-1222099010
                                      • Opcode ID: 1e362ce6c44f4c4129880d11ec8a8e2cacc2768d780e0b0e8ff94cf0aff70cc4
                                      • Instruction ID: 8b7064af287186521fe3cb93cf8cc8bd3ab09db9964fee42f20bf0aa27d08c30
                                      • Opcode Fuzzy Hash: 1e362ce6c44f4c4129880d11ec8a8e2cacc2768d780e0b0e8ff94cf0aff70cc4
                                      • Instruction Fuzzy Hash: 2831F7799057D4DFF312DB28C908F56B7E8EF01790F0845AAF85697B52CBB8A880CB51
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                      • API String ID: 0-3063724069
                                      • Opcode ID: 904fb9c607d6c525705e25862ecf0180580950c15c46282d11f9e8981a0f02ec
                                      • Instruction ID: d895c8d93b0a165b699b5d6144dae17a667ebfe65c84f9f3d7d5e4aaf927fc0e
                                      • Opcode Fuzzy Hash: 904fb9c607d6c525705e25862ecf0180580950c15c46282d11f9e8981a0f02ec
                                      • Instruction Fuzzy Hash: 97D1B2B2C053A5AFEB21CE54C840FABB7E8EF84754F44493AF994AB150D774CD488B92
                                      Strings
                                      • Control Panel\Desktop\LanguageConfiguration, xrefs: 33AED196
                                      • @, xrefs: 33AED0FD
                                      • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 33AED0CF
                                      • @, xrefs: 33AED2AF
                                      • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 33AED146
                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 33AED2C3
                                      • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 33AED262
                                      • @, xrefs: 33AED313
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                      • API String ID: 0-1356375266
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                      • API String ID: 0-523794902
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                      • API String ID: 0-122214566
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                      • API String ID: 0-4253913091
                                      Strings
                                      • RTL: Re-Waiting, xrefs: 33B6031E
                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 33B602E7
                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 33B602BD
                                      Similarity
                                      • API ID:
                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                      • API String ID: 0-2474120054
                                      Strings
                                      • Kernel-MUI-Language-Disallowed, xrefs: 33B15352
                                      • Kernel-MUI-Language-SKU, xrefs: 33B1542B
                                      • Kernel-MUI-Number-Allowed, xrefs: 33B15247
                                      • WindowsExcludedProcs, xrefs: 33B1522A
                                      • Kernel-MUI-Language-Allowed, xrefs: 33B1527B
                                      Similarity
                                      • API ID:
                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                      • API String ID: 0-258546922
                                      APIs
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID:
                                      • API String ID: 3446177414-0
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                      • API String ID: 0-3061284088
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                      • API String ID: 0-3178619729
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                      • API String ID: 0-2586055223
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                      • API String ID: 0-336120773
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                      • API String ID: 0-1391187441
                                      APIs
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID:
                                      • API String ID: 3446177414-0
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                      • API String ID: 0-1168191160
                                      Strings
                                      • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 33AF1728
                                      • HEAP[%wZ]: , xrefs: 33AF1712
                                      • HEAP: , xrefs: 33AF1596
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                      • API String ID: 0-3178619729
                                      Strings
                                      • {, xrefs: 33B53ABD
                                      • 'LDR: %s(), invalid image format of MUI file , xrefs: 33B53AB4
                                      • LdrpLoadResourceFromAlternativeModule, xrefs: 33B53AAF
                                      Similarity
                                      • API ID:
                                      • String ID: 'LDR: %s(), invalid image format of MUI file $LdrpLoadResourceFromAlternativeModule${
                                      • API String ID: 0-1697150599
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                      • API String ID: 0-1145731471
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                      • API String ID: 0-2391371766
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: @$@$\Registry\Machine\System\CurrentControlSet\Control\MUI\UILanguages
                                      • API String ID: 0-1146358195
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                      • API String ID: 0-318774311
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: Objects=%4u$Objects>%4u$VirtualAlloc
                                      • API String ID: 0-3870751728
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                      • API String ID: 0-373624363
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: %$&$@
                                      • API String ID: 0-1537733988
                                      Strings
                                      • GlobalizationUserSettings, xrefs: 33BCB834
                                      • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 33BCB82A
                                      • TargetNtPath, xrefs: 33BCB82F
                                      Similarity
                                      • API ID:
                                      • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                      • API String ID: 0-505981995
                                      Strings
                                      • HEAP[%wZ]: , xrefs: 33B4E6A6
                                      • HEAP: , xrefs: 33B4E6B3
                                      • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 33B4E6C6
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                      • API String ID: 0-1340214556
                                      Strings
                                      • Could not validate the crypto signature for DLL %wZ, xrefs: 33B5A589
                                      • minkernel\ntdll\ldrmap.c, xrefs: 33B5A59A
                                      • LdrpCompleteMapModule, xrefs: 33B5A590
                                      Similarity
                                      • API ID:
                                      • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                      • API String ID: 0-1676968949
                                      Strings
                                      • HEAP[%wZ]: , xrefs: 33B9DC12
                                      • Heap block at %p modified at %p past requested size of %Ix, xrefs: 33B9DC32
                                      • HEAP: , xrefs: 33B9DC1F
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                      • API String ID: 0-3815128232
                                      Strings
                                      • HEAP[%wZ]: , xrefs: 33B4FB4B
                                      • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 33B4FB63
                                      • HEAP: , xrefs: 33B4FB58
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                                      • API String ID: 0-1596344177
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                      • API String ID: 0-1151232445
                                      Strings
                                      • minkernel\ntdll\ldrtls.c, xrefs: 33B61B4A
                                      • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 33B61B39
                                      • LdrpAllocateTls, xrefs: 33B61B40
                                      Similarity
                                      • API ID:
                                      • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                      • API String ID: 0-4274184382
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: Leaked Block 0x%p size 0x%p (stack %p depth %u)$HEAP: $HEAP[%wZ]:
                                      • API String ID: 0-964947082
                                      Strings
                                      • SXS: %s() passed the empty activation context data, xrefs: 33B629FE
                                      • RtlCreateActivationContext, xrefs: 33B629F9
                                      • Actx , xrefs: 33B233AC
                                      Similarity
                                      • API ID:
                                      • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                      • API String ID: 0-859632880
                                      Strings
                                      • GlobalFlag, xrefs: 33B7B68F
                                      • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 33B7B632
                                      • @, xrefs: 33B7B670
                                      Similarity
                                      • API ID:
                                      • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                      • API String ID: 0-4192008846
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: @$OsBootstatPath$\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control
                                      • API String ID: 0-1050206962
                                      Strings
                                      • minkernel\ntdll\ldrtls.c, xrefs: 33B61A51
                                      • LdrpInitializeTls, xrefs: 33B61A47
                                      • DLL "%wZ" has TLS information at %p, xrefs: 33B61A40
                                      Similarity
                                      • API ID:
                                      • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                      • API String ID: 0-931879808
                                      Strings
                                      • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 33B3127B
                                      • @, xrefs: 33B312A5
                                      • BuildLabEx, xrefs: 33B3130F
                                      Similarity
                                      • API ID:
                                      • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                      • API String ID: 0-3051831665
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: RtlValidateHeap
                                      • API String ID: 3446177414-1797218451
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: kLsE
                                      • API String ID: 3446177414-3058123920
                                      Similarity
                                      • API ID:
                                      • String ID: @$@
                                      • API String ID: 0-149943524
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID:
                                      • API String ID: 3446177414-0
                                      Similarity
                                      • API ID:
                                      • String ID: @$AddD
                                      • API String ID: 0-2525844869
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: $$$
                                      • API String ID: 3446177414-233714265
                                      Similarity
                                      • API ID:
                                      • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                      • API String ID: 0-118005554
                                      Similarity
                                      • API ID:
                                      • String ID: .Local\$@
                                      • API String ID: 0-380025441
                                      Strings
                                      • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 33B62A95
                                      • RtlpInitializeAssemblyStorageMap, xrefs: 33B62A90
                                      Similarity
                                      • API ID:
                                      • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                      • API String ID: 0-2653619699
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID:
                                      • API String ID: 3446177414-0
                                      Similarity
                                      • API ID:
                                      • String ID: .
                                      • API String ID: 0-248832578
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID:
                                      • API String ID: 3446177414-0
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID:
                                      • API String ID: 3446177414-0
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID:
                                      • API String ID: 3446177414-0
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID:
                                      • API String ID: 3446177414-0
                                      Similarity
                                      • API ID:
                                      • String ID: @
                                      • API String ID: 0-2766056989
                                      Similarity
                                      • API ID:
                                      • String ID: @
                                      • API String ID: 0-2766056989
                                      Similarity
                                      • API ID:
                                      • String ID: PreferredUILanguages
                                      • API String ID: 0-1884656846
                                      Similarity
                                      • API ID:
                                      • String ID: verifier.dll
                                      • API String ID: 0-3265496382
                                      Similarity
                                      • API ID:
                                      • String ID: #
                                      • API String ID: 0-1885708031
                                      Similarity
                                      • API ID:
                                      • String ID: Actx
                                      • API String ID: 0-89312691
                                      Similarity
                                      • API ID:
                                      • String ID: LdrCreateEnclave
                                      • API String ID: 0-3262589265
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c2574bd99bfe5b584310667340d02ddacf4e01af11f58b2220fec04763927402
                                      • Instruction ID: 4ef3ec6701ea603c2f9587ad2700d087a3d7d81b693536d4499653dd211ad173
                                      • Opcode Fuzzy Hash: c2574bd99bfe5b584310667340d02ddacf4e01af11f58b2220fec04763927402
                                      • Instruction Fuzzy Hash: 006174B5E11769AFDB05CF68C580B8DBBB4FF08764F04826AE858EB651C734A950CB90
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 75d47ce8a4726c3f33b592172721f648612a93f73a3d7a53756ac0c500da88f8
                                      • Instruction ID: 1c36a74e924ea29b902c85e5fa61680fb5329324b4afff2b962d25d5ee4627e2
                                      • Opcode Fuzzy Hash: 75d47ce8a4726c3f33b592172721f648612a93f73a3d7a53756ac0c500da88f8
                                      • Instruction Fuzzy Hash: F3414372A01700EFD7269F29D985B56BBE9EF40760F14803EE959DBA50DB34DC018B90
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                                      • Instruction ID: c4f892d361f8cfa290f7f3c1f0613f1f6b4dc9e491bf895252772f5b39dedf8f
                                      • Opcode Fuzzy Hash: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                                      • Instruction Fuzzy Hash: A951D6B6A003129BDB019F648C40E7B77E5EF946C8F44043DF948E7252EB35C856C7A2
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: acc3fc6bac47d9fe9382819dbf77bad7bf664ac08ea59394930cd41e92cf9601
                                      • Instruction ID: 8352b2dbfd8c1e8c31821ea38267e666311e409d1455948f90d5efd14ce43a9f
                                      • Opcode Fuzzy Hash: acc3fc6bac47d9fe9382819dbf77bad7bf664ac08ea59394930cd41e92cf9601
                                      • Instruction Fuzzy Hash: FF51E0B1A003109FE320EF29C981F5A3BE8EB85364F10063DF95197A91DB34D902CBA2
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d63bc6ef20b698404209f47dee653604041557a616847c1708bf1e2c185a4bcd
                                      • Instruction ID: 4e273c6909e1513d534f6d8533824de6f615ca444911cdcccf38b129242499df
                                      • Opcode Fuzzy Hash: d63bc6ef20b698404209f47dee653604041557a616847c1708bf1e2c185a4bcd
                                      • Instruction Fuzzy Hash: 33518C71E00358ABFB218FA5CD80F9DBBB8FF02380F60013AE594AB151DB7198549F60
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4df35c0430e354da8572d85a13d97c9ff598d886dace16364d87a748990f976e
                                      • Instruction ID: 854e5ff420ba3788c3e3a4116555bf71b49fcc093dfba81103a60b4b51d1802a
                                      • Opcode Fuzzy Hash: 4df35c0430e354da8572d85a13d97c9ff598d886dace16364d87a748990f976e
                                      • Instruction Fuzzy Hash: 5951AC79A107659FD311CF68C884A59BBB0FF44710F0842B5E8889B740EB35E995CFE0
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                      • Instruction ID: 8ba1613910813532cab53236d616e14b4da0ca60f5220d53c648e1745bec0939
                                      • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                      • Instruction Fuzzy Hash: 40515C756083429FDB01CF68C880B6ABBE5FFC8394F04892DF99497241DB38E945CB52
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 67c30e358c1c6a681a433fc5f4465a247f1ab7dd620096302bf489fabb61ef81
                                      • Instruction ID: 63041755ca5f6da1e539024741c5a72d1dd6068ab32c096bd6691aaee1c07d92
                                      • Opcode Fuzzy Hash: 67c30e358c1c6a681a433fc5f4465a247f1ab7dd620096302bf489fabb61ef81
                                      • Instruction Fuzzy Hash: BA519A75A01315DFEB11CBA8CD50B9DB7B8BF08794F18062AFC50E7250DBBAE8408B60
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5f652867ef2d4a81dcd239fd6344d88d47880787e9aaf5c83155bed52119b4ab
                                      • Instruction ID: 9a9e4bbf8cc2432e8e8a6b1d1dc6096f86af8e90d864c63f471782126ae1ba6f
                                      • Opcode Fuzzy Hash: 5f652867ef2d4a81dcd239fd6344d88d47880787e9aaf5c83155bed52119b4ab
                                      • Instruction Fuzzy Hash: 8C51CA7AA04391DFD711CF18C880A5AB7E4FB88764F05863AF89C9F250D734E944CBA2
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9d2034ad89b0a0fbdf7ee0086258f14be42ed2e899d470c887d8813522647b1c
                                      • Instruction ID: cd0a875e9378240ea67000453cd55da9ba0b6906531187df30abdc9eca6911ea
                                      • Opcode Fuzzy Hash: 9d2034ad89b0a0fbdf7ee0086258f14be42ed2e899d470c887d8813522647b1c
                                      • Instruction Fuzzy Hash: E6510AB5A006199FCB04CF58C880A5ABBE5FF09354B2982AAE818DB351D335ED61CF90
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 42f46328f951d2cff641003b80779e9b773db320d211a638cff68e3cde76f766
                                      • Instruction ID: bf6f272b6ed86263e44d21c8bb0d7b7bbca47693c4926214468c20dcbca75aaf
                                      • Opcode Fuzzy Hash: 42f46328f951d2cff641003b80779e9b773db320d211a638cff68e3cde76f766
                                      • Instruction Fuzzy Hash: EB41A9B6D01729AFDB119BA88884EAF7BBDEF04690F450276F904E7610D734DD018BE4
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                      • Instruction ID: 7410f0447309894df64a99ffad44b3f76af81a1ec9515ec3e7e8c9d72a20eb16
                                      • Opcode Fuzzy Hash: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                      • Instruction Fuzzy Hash: 455169B560064AEFDB15CF14C580E46BBB9FF45304F5981BAE8089F222E775E985CFA0
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1d74efaf50760c1363a900fab9dafc105e1e9d994e9512cae49d887a18d55c78
                                      • Instruction ID: 4616a6b49ab2537ab0d92d6d60c214fb7704be328c935f0590c19568da2b9ed3
                                      • Opcode Fuzzy Hash: 1d74efaf50760c1363a900fab9dafc105e1e9d994e9512cae49d887a18d55c78
                                      • Instruction Fuzzy Hash: 5951B9766047A18FE712CB18C844B6A73E5EB44B94F4905BAFC58CB794DB39DC40CB61
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                      • Instruction ID: 944e59bcfe86c92b4781bc40487ab322521b06a07bf3ec473435967be5cd592c
                                      • Opcode Fuzzy Hash: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                      • Instruction Fuzzy Hash: 485118B5E00215DFDB08CF68C48169ABBF1FB48358B54856ED81AE7346D734EA90CF90
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c143b5daf479d2f497662e792e6a29c93e554ddf803f9c25e31ba327211c1d34
                                      • Instruction ID: d219ca4e2bdf45fc2393fe246ae1522901af341f429e05db68e19d5cb54a81a5
                                      • Opcode Fuzzy Hash: c143b5daf479d2f497662e792e6a29c93e554ddf803f9c25e31ba327211c1d34
                                      • Instruction Fuzzy Hash: C041C236A183129BD320DF28CC40B5BBBA4EF44790F10493AF9969B650DB31DD45CBE9
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8965767a174332de71706d3cf1f83693257e227645ee7e2ead82d09c891f9fa5
                                      • Instruction ID: 7204f24e82857dbe447eab929e1b1203789ffb21650fb04c96851b7e9bd7bcc8
                                      • Opcode Fuzzy Hash: 8965767a174332de71706d3cf1f83693257e227645ee7e2ead82d09c891f9fa5
                                      • Instruction Fuzzy Hash: D441D276909765DBF321DF14D880FABB3A8EB84760F050739F99497680DA34DC04CB92
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 809997adb9779a68fa0917950acfefccc4c21626e8cacea15447de77205ab694
                                      • Instruction ID: f92b17e01226c391932599fc40275312a0ed5804a3220ebd7ca6ee9a52810284
                                      • Opcode Fuzzy Hash: 809997adb9779a68fa0917950acfefccc4c21626e8cacea15447de77205ab694
                                      • Instruction Fuzzy Hash: B241BCB1A42715EFE7159F69C844F5ABBE8EF00794F00847AE995DBAA0DB74D800CF90
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ca1ac5d55d692f5f46498b90b45fcbb1537f4f259a80e997c9e8bbffb511a4be
                                      • Instruction ID: 11f87d860e97420c5e475400ece6741242f524fe4b59616be4186764c7ec1c9b
                                      • Opcode Fuzzy Hash: ca1ac5d55d692f5f46498b90b45fcbb1537f4f259a80e997c9e8bbffb511a4be
                                      • Instruction Fuzzy Hash: 1F419DB5A00B159FE715CF69C880B9ABBF9FF88740F04853DD64997BA4D770E9018B90
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID:
                                      • API String ID: 3446177414-0
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fc43cbae305573d036b5b1965c3c36ad27e9e9a9674b708ef700e95a12737533
                                      • Instruction ID: 9b2cf847e099915e5f4f1d8042f65e479d09526478319f16b5a4c2321b1e4032
                                      • Opcode Fuzzy Hash: fc43cbae305573d036b5b1965c3c36ad27e9e9a9674b708ef700e95a12737533
                                      • Instruction Fuzzy Hash: D421F6B8A112098BE701CF6DC9447EE77B4FF89318F29802DEC52572D0CBBA9985CB50
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 76ba543faf9e9aa00096454dbc3882ba3ce93a5d52cf2d1ed461b741d25336a7
                                      • Instruction ID: 6b1f629ed6a99cacceeff28afdb81f746148e5678d422afd13cb08191f74a6fd
                                      • Opcode Fuzzy Hash: 76ba543faf9e9aa00096454dbc3882ba3ce93a5d52cf2d1ed461b741d25336a7
                                      • Instruction Fuzzy Hash: 91114875650350ABC3229B28DD50F277BA8EFC2AE4F14043DFA588BA90DB34DC41CBA4
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 227256db81d375ecfc13626cb2ab5827bd77baaff17ec571dfb7d10958618551
                                      • Instruction ID: 35f5e0f600e089f41898e424910340d91e23face705c9a2ad9bac2ab6385eba1
                                      • Opcode Fuzzy Hash: 227256db81d375ecfc13626cb2ab5827bd77baaff17ec571dfb7d10958618551
                                      • Instruction Fuzzy Hash: 0711BE36611754AFD722DF64CD40F8AB7A8FF846A4F14442AE4499BA80E734F901CB64
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c13da1961de8295c7d3c27c44dca5c935f6cecf8be757ea97c49d9142975c982
                                      • Instruction ID: 10444f38ba498a3ba9a82a8ac35db2a2864548eb768dd07ed7511a4980d6c5a9
                                      • Opcode Fuzzy Hash: c13da1961de8295c7d3c27c44dca5c935f6cecf8be757ea97c49d9142975c982
                                      • Instruction Fuzzy Hash: 7811E27A030300EED725AF59EA01F6237F8EB58B80F10402AE944A7A50D73CDD02DF65
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 84d8c099071c2c2e27e0d7cc270b2f1a9f3cfe9a568463a6261584609a9bdb37
                                      • Instruction ID: 7557bdcb94e429ea02b450f535d9c9112107a999b100c16d9736cfa7312a6aa5
                                      • Opcode Fuzzy Hash: 84d8c099071c2c2e27e0d7cc270b2f1a9f3cfe9a568463a6261584609a9bdb37
                                      • Instruction Fuzzy Hash: 5B11947A600798AFEB01EF64C540B9ABBF9EF85294F18447ED499DB700D770E901CB50
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8ddc2dbe46d5ac71ca301ae68010c8bd925c752119c1b7324b643eb4a2c43168
                                      • Instruction ID: 807cb3e0767d95e2fab6968e96331d7a0baab1789c22ee0f498bb7287c1a5c58
                                      • Opcode Fuzzy Hash: 8ddc2dbe46d5ac71ca301ae68010c8bd925c752119c1b7324b643eb4a2c43168
                                      • Instruction Fuzzy Hash: 5C211975E00619DFEB08CF98D841BEDB7B1FB48721F208279E465A7680DB766941CF90
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4870b528d7b25b4471f0b5810bc38dc9778e41db59f1a3cb7c06885f010ffa25
                                      • Instruction ID: 5703a5cecb1962b9fa8b1c1bd8dd77cfb5f97629aef4bbd06b3eb6d992432893
                                      • Opcode Fuzzy Hash: 4870b528d7b25b4471f0b5810bc38dc9778e41db59f1a3cb7c06885f010ffa25
                                      • Instruction Fuzzy Hash: 8011C435A00305EFEB15CF50C814F5AB7BAEF85394F1986AAD8819B680DB71FD42DB50
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6ed659946fb9fc9b79206869a8043569f9835a961de5c7259737506ae61f8194
                                      • Instruction ID: 60e2b6aea824b9f64811959a268c4d178007a23bf44af34515aba38c63da7547
                                      • Opcode Fuzzy Hash: 6ed659946fb9fc9b79206869a8043569f9835a961de5c7259737506ae61f8194
                                      • Instruction Fuzzy Hash: C8110872641B54BFD7224F05CD45F5B7F7AEF89B80F060139B6089B6A0CA75CC00DA90
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 012a71606a4d59d9462653767c3d49fe1bd4ebf1bf8dc5cce1905e6e7a89c31f
                                      • Instruction ID: 138a5b41b78fafd1c8458fd85eb3c6311c883b7a1b27f87f6daebe094f66b25c
                                      • Opcode Fuzzy Hash: 012a71606a4d59d9462653767c3d49fe1bd4ebf1bf8dc5cce1905e6e7a89c31f
                                      • Instruction Fuzzy Hash: 0711C272A04208BFC7058F6C9880CBEBBB9EF95354F10806AE944D7251DA358D55C7A5
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3f6f66d4ffe5126b3697a830ab1b894a86a2aeb7d9a770de6716f0adac422083
                                      • Instruction ID: 5887307dbb01e339ab11a12869310f85034a41287af9f2d4ebe4c1655d6a02ba
                                      • Opcode Fuzzy Hash: 3f6f66d4ffe5126b3697a830ab1b894a86a2aeb7d9a770de6716f0adac422083
                                      • Instruction Fuzzy Hash: A801F572F04300ABE710DBAA9C84F6FBBE8DF84364F040079E605D3641EB70EA008621
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                      • Instruction ID: 1eb68ffcc29ec27fef5195fed23de02a7bb0212ed1f57a617215e5e9c9f1f2c0
                                      • Opcode Fuzzy Hash: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                      • Instruction Fuzzy Hash: 1F016176B04609EBDB08CBAADA54DAF7BBDEF85AC4F01016DA905D7200E734EE45C760
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c685b3a84093c0fe50a53359f02bfabc89bac8f218db3e5f117c0f9f6e9df582
                                      • Instruction ID: 052e9251595239d4cd31895130ddbb580256b36390c903531bffd32cba1e8b7e
                                      • Opcode Fuzzy Hash: c685b3a84093c0fe50a53359f02bfabc89bac8f218db3e5f117c0f9f6e9df582
                                      • Instruction Fuzzy Hash: C9115AB5A00716AFE711CF69C841B9B77E8EB44355F05882AFD85CB610D736EC409BB1
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9e33c6f57c6a9cb63ec762159f786b35fd2fabd5374c298b74a71ef84721149f
                                      • Instruction ID: d3ac8fc93ffdce72f82942cc3f9c448719f554252cd846649292031ad47e8ed7
                                      • Opcode Fuzzy Hash: 9e33c6f57c6a9cb63ec762159f786b35fd2fabd5374c298b74a71ef84721149f
                                      • Instruction Fuzzy Hash: 6D110E75A00758ABD310CF69D884F9EB7B8FF45700F18027AE544EB642DB38DA01CB60
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                      • Instruction ID: b77982097261f7b80dd054be6e60c08becd697019dafcbc541f184d03f8a1c51
                                      • Opcode Fuzzy Hash: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                      • Instruction Fuzzy Hash: DE01F576240629BFD7118F11CC81E52FB6DFF953A4F800535F1444A960C731ACA0CBA0
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b010affa2c9c17b8fcbaf56ed93a20b011c1e6f153da428dac7c50b91225a3f0
                                      • Instruction ID: 79607a69961fe62ea1ded67fa7f3cd1c936c9db0884ad416f0a359915f2497a8
                                      • Opcode Fuzzy Hash: b010affa2c9c17b8fcbaf56ed93a20b011c1e6f153da428dac7c50b91225a3f0
                                      • Instruction Fuzzy Hash: F701B136241BA0EFE3228F55CD84F9ABB69FF91B94F550430BA455BAB0C364E850DA90
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a627d987b4622e22bdfd170c9f703c70dba2920c8b76219a3ce3a640564788bc
                                      • Instruction ID: aefd3ff139606ea5a9d179fb103e1c8609e8b108ea59e77176cb7ead11aaecdc
                                      • Opcode Fuzzy Hash: a627d987b4622e22bdfd170c9f703c70dba2920c8b76219a3ce3a640564788bc
                                      • Instruction Fuzzy Hash: 8E115B71A01359ABCB00DFA9D845E9EBBF8EF44750F404026B904EB290DA78DA01CBA0
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                      • Instruction ID: c2edcf7f454b82add19dd1d96a25a0a69359c13c22c52f868fabb18d1202d6b3
                                      • Opcode Fuzzy Hash: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                      • Instruction Fuzzy Hash: 1411A976904B12DFE3218F15C880B12B7E4FF407A6F19886EE8C94A4A6C778E881CB10
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                      • Instruction ID: f69f6eabdf9d30a2c2baf93e709c4ec0a15550be0a11fdf24fb9f79a540f0077
                                      • Opcode Fuzzy Hash: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                      • Instruction Fuzzy Hash: 76018176B00215EBCB128AAADD00E9B7AACEFC4B80F154039B91DD7560FA30DD62D770
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0e7794514b31f6920c316fe79a4006aee3e849b19c3d6ed5f92286487d4ef4da
                                      • Instruction ID: 1d1481a672780a63707d694fc535998d80113ecf1ad645f576e3cf152f0adc3f
                                      • Opcode Fuzzy Hash: 0e7794514b31f6920c316fe79a4006aee3e849b19c3d6ed5f92286487d4ef4da
                                      • Instruction Fuzzy Hash: 69F0BEB0E2034CAFDB04DBB9D545F9EB7B8EF48300F508069E546EB280DA78DA01CB24
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b962bed33e7db1ef865a077f095f0361adeeaae12006a6aa241356f9068c4891
                                      • Instruction ID: 43b285055832066a6b138cf7fb83af0b588e3a7e5fa3093d9b39d1a6e93ef6fe
                                      • Opcode Fuzzy Hash: b962bed33e7db1ef865a077f095f0361adeeaae12006a6aa241356f9068c4891
                                      • Instruction Fuzzy Hash: CBF0BE70E11358ABDB04DBA9D505EAEB7F8FF04300F404469A481EB281EA38E9008B50
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a1f83f5f2719556101c59a286a717958097dc0f9479ebc3572d1e04699abc5f9
                                      • Instruction ID: 525270fe09dc744f2b43128f94e808b3eb17b09170880327c953de40ad4e0a2e
                                      • Opcode Fuzzy Hash: a1f83f5f2719556101c59a286a717958097dc0f9479ebc3572d1e04699abc5f9
                                      • Instruction Fuzzy Hash: E7F0BE70A10398ABDB04DFB9EA45EAEB7B8EF54300F444069A441EB281EA78DA00CB14
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8ed099d7a4dea3ac13ba0ccbdcdf5a4bc4f0e695b0961cf1d0fd266ae7fefd8a
                                      • Instruction ID: 1b861aa1ae6cf42b92f334229a977588d23b24c4e1038e05cd269c5c7858d860
                                      • Opcode Fuzzy Hash: 8ed099d7a4dea3ac13ba0ccbdcdf5a4bc4f0e695b0961cf1d0fd266ae7fefd8a
                                      • Instruction Fuzzy Hash: D0F0E27DA127A48FE321C714C584F027BECEB04BB8F496575D485CB913C724E880C650
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 08767c8ee9abcaa92a49f7db5f272bc85b964720e59ebdbd4f9952a6d08cfbde
                                      • Instruction ID: 4c54e7de7dac16462bc0305edcf18e224de102b8c57de939bee3ccef499572b9
                                      • Opcode Fuzzy Hash: 08767c8ee9abcaa92a49f7db5f272bc85b964720e59ebdbd4f9952a6d08cfbde
                                      • Instruction Fuzzy Hash: 32F02770E05348ABCB04DBB9D645E9E77F8EF49340F500169E442FB2D0EA78DA00C724
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d0d56815b2aab041282aeaa6709a2e46a73522e43772d33659a91e74d06f12d3
                                      • Instruction ID: b232dd73e5ecb3c661033455d7a3f0bee51be0ec680cf4d25224a2a8c3dbaeb9
                                      • Opcode Fuzzy Hash: d0d56815b2aab041282aeaa6709a2e46a73522e43772d33659a91e74d06f12d3
                                      • Instruction Fuzzy Hash: C3F0E270E15358ABDB04DBA9D505EAE73F8EF04300F440069A901EB280EA74D9008754
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b0098c8e58d961300080de937364fca5e60ec630d48da44ce6fe97d54507db5d
                                      • Instruction ID: 1f589697f5a637cd1634e3597ffc0e02abcaa8af8aeaedc0d714a9d985e9af51
                                      • Opcode Fuzzy Hash: b0098c8e58d961300080de937364fca5e60ec630d48da44ce6fe97d54507db5d
                                      • Instruction Fuzzy Hash: C3F0A77AD11BA59FE312C718C195F0177DCDB017B8F195971D809CB913CB68D8C0C650
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 981765d8f947bcb1f8e7a23a81f161eed6f63bd3dd232708cfe12dd29e79afd4
                                      • Instruction ID: 85247e9427d1ff6c3e1c4608b3c087da0a34392ce0fb533f7de5defc0c148d46
                                      • Opcode Fuzzy Hash: 981765d8f947bcb1f8e7a23a81f161eed6f63bd3dd232708cfe12dd29e79afd4
                                      • Instruction Fuzzy Hash: 76F082B0E15359ABDB04DBA9D606E5E77F8EF44304F440069A951EB6C0EA74D901C764
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                      • Instruction ID: 0e5a9187bb1740aad8283894d644501f67ac327a4a8b6e3b9e2bdbc084a895d9
                                      • Opcode Fuzzy Hash: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                      • Instruction Fuzzy Hash: 3AF0E533A4471467C230AA098C05F5BBBACDBD5B70F10032AB9649B1D0DA709901CBE6
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 46dca801d8dbff16583e28593dac74d5a0b73fd10c59282b6574bd49185cefdd
                                      • Instruction ID: c6155ed9d407f9b6cde676293eb2594b77ee9c1671975399fc5b1e45a2affc8f
                                      • Opcode Fuzzy Hash: 46dca801d8dbff16583e28593dac74d5a0b73fd10c59282b6574bd49185cefdd
                                      • Instruction Fuzzy Hash: 97F0A075A15748ABDB04DBF9DA5AF9F77F8EF08704F440168E641EB2C0EA78D9018728
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3280b3d70a49c342c9b73c7c5d82624a0dbcd4ed317023050af26b3d21c79de4
                                      • Instruction ID: 18570bba7839a7d4d0a816803faf2b72550ffb6de33e044156a0c6629c9ba721
                                      • Opcode Fuzzy Hash: 3280b3d70a49c342c9b73c7c5d82624a0dbcd4ed317023050af26b3d21c79de4
                                      • Instruction Fuzzy Hash: 33F08270A11348ABDB04DBA9D556F9E7BB8EF08304F540069A541EB681EA78D9008724
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 63f3c24cf8704ef44c618db70c5821eb75d4edba7927a6c39e1512ac03375928
                                      • Instruction ID: d26616d6a0cc8b13f6fd0e7ef82f7d5478768b53aeef4b6044b4ad66281276ed
                                      • Opcode Fuzzy Hash: 63f3c24cf8704ef44c618db70c5821eb75d4edba7927a6c39e1512ac03375928
                                      • Instruction Fuzzy Hash: 1BF08C70A12748ABDB04DBAAD646E9E77B8EF48304F540069E641EB380EA78D9018768
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3a6f309ad92a92fdaf0c3c962dad7b13d09606e55e0be36f7282015d697595a9
                                      • Instruction ID: 8659ccaea59bfad70c9f01e760a24b752b930474e08ea6dc1119fb3283c7a1ee
                                      • Opcode Fuzzy Hash: 3a6f309ad92a92fdaf0c3c962dad7b13d09606e55e0be36f7282015d697595a9
                                      • Instruction Fuzzy Hash: 9FF08271A15348EBDB04DBA9D95AF9F77F4EF08304F440165E541EB2C1D978D9018768
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 93c2e31b5afa1529a6d7567d01e1accd21db5f8af643910bb9a0fe062a8e8a2f
                                      • Instruction ID: a8ba36b8d397caa1a8632f84a8521eacf51a1bc7316c7bcdf7e9eda8b152ac9c
                                      • Opcode Fuzzy Hash: 93c2e31b5afa1529a6d7567d01e1accd21db5f8af643910bb9a0fe062a8e8a2f
                                      • Instruction Fuzzy Hash: FAF0A7B1A15348ABDB04EBADD95AF9E77F4EF08704F440164E541EB2C0E978DD01C724
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 09511f6a5b3cabbe784265c74914248b525a176bb6667c193042ebcc910e885d
                                      • Instruction ID: 24464810a7b1aa11abc05f4e53ddba92de3e96ff1f89413b9492fe962748f147
                                      • Opcode Fuzzy Hash: 09511f6a5b3cabbe784265c74914248b525a176bb6667c193042ebcc910e885d
                                      • Instruction Fuzzy Hash: 2DE0ED33502724AFD2210A06D804F02FFA9FF91BB0F14823AE09C979A08B70E811CAE4
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                      • Instruction ID: 4da46521b5b5ad39372667ade5aa73f9d50dfb13e07b7c5e86354096a0eebb37
                                      • Opcode Fuzzy Hash: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                      • Instruction Fuzzy Hash: 7EE06DB2611650AFDB64CB58CD45FA673ACEB04760F940269B119D74D0DBB4AE40CA70
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fba1a1ac6ad799d61c2ddc326d185083a10fe0a07a476c97b5d34b5c0ba45396
                                      • Instruction ID: 17d2931a5c559c44347650c3b801ffd3a24d0ed25169e24c5e3ea61078598599
                                      • Opcode Fuzzy Hash: fba1a1ac6ad799d61c2ddc326d185083a10fe0a07a476c97b5d34b5c0ba45396
                                      • Instruction Fuzzy Hash: 8DF08C71910B60CFD324CF18D140BA6B3F8EB84764F1486ACE11A8B691C77AD883CB80
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                      • Instruction ID: 25a57dc05dac277bf9f2277fd4198325c80e84a59e3408c5b8a50b5c15482ded
                                      • Opcode Fuzzy Hash: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                      • Instruction Fuzzy Hash: 0BE0C231288B14BBEB225A44CD00F697B59EB807E0F104032FA08AAA90CA75AD91DAD4
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6412436dabd4504560c80854a86c0f65d7a48f441a7114cf521cad7a651a8f83
                                      • Instruction ID: 9d9618ab3da3cb50e72e0e76a0452e2b325b911ee5a49a63b05621ae71126658
                                      • Opcode Fuzzy Hash: 6412436dabd4504560c80854a86c0f65d7a48f441a7114cf521cad7a651a8f83
                                      • Instruction Fuzzy Hash: 55F0C974651B80CFF61ADF08C1A1B5173BAFB45B40F910469D4464BBA1C73A9942CA40
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 505d4898596b8749f4d0a737c9d47316b88ed4a0e8c97d3405797c944a7e9921
                                      • Instruction ID: 8ae518a9a28a2945ef0a18adba58969c15081ae2e87dab9dd80a9a5996909997
                                      • Opcode Fuzzy Hash: 505d4898596b8749f4d0a737c9d47316b88ed4a0e8c97d3405797c944a7e9921
                                      • Instruction Fuzzy Hash: C5900435311404030105F55C4714507004747D5353355C033F101D511CD773CD757335
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 136a235c6a20426ffb9df61f25e5c4f7a74852ab21e65f4959271bb146f36b48
                                      • Instruction ID: a35995fe82dd96e5aeb97777bdb017344eed19ed9d940e9660a8d2f6d27fd801
                                      • Opcode Fuzzy Hash: 136a235c6a20426ffb9df61f25e5c4f7a74852ab21e65f4959271bb146f36b48
                                      • Instruction Fuzzy Hash: 649002216014044241407168C85490640056BE1212755C132A099C511D859A89696769
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 70949087976c0e1d6c956ef9c68fc4a28f6f7f162b5d3f26afaf279151463fe9
                                      • Instruction ID: 404da0e833cc6cb31b87770f4e16898ec3c5581167376fcba1247823cccea54d
                                      • Opcode Fuzzy Hash: 70949087976c0e1d6c956ef9c68fc4a28f6f7f162b5d3f26afaf279151463fe9
                                      • Instruction Fuzzy Hash: 9390023120180802D10071588818747000547D0303F55C022A5168516E86A6C9957635
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cc7091791d8e0f023c58925ecba9859b7907b4dd4ebb58e3dea2bb446d1bbef9
                                      • Instruction ID: 3d6dc5df784e8f5b77566722f22a601f9d4565b8f142d62ef628cbfb63d64176
                                      • Opcode Fuzzy Hash: cc7091791d8e0f023c58925ecba9859b7907b4dd4ebb58e3dea2bb446d1bbef9
                                      • Instruction Fuzzy Hash: FC90023120180802D1007158882470B000547D0303F55C022A1168516D866689557675
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4b3ffc94172b707bdd507db68b39d1301b29fd7c8c3daa00e23a307e1b8d5094
                                      • Instruction ID: 998b9145f9f9050f386284d7a30a3366c4c89131af70b17c759947309441319e
                                      • Opcode Fuzzy Hash: 4b3ffc94172b707bdd507db68b39d1301b29fd7c8c3daa00e23a307e1b8d5094
                                      • Instruction Fuzzy Hash: F9900221211C0442D20075688C24B07000547D0303F55C126A0158515CC95689656625
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 56b81c165ed33b7e26d8c37a38c2a44f0f0a11dc1d1f44c922b1c6b6d47a83fb
                                      • Instruction ID: c9881674d4cfd4b63bd7a532bb05917335379cc79b113b8d32ab73ccc1733ef1
                                      • Opcode Fuzzy Hash: 56b81c165ed33b7e26d8c37a38c2a44f0f0a11dc1d1f44c922b1c6b6d47a83fb
                                      • Instruction Fuzzy Hash: 0890026134140842D10071588424B06000587E1302F55C026E1068515D865ACD56722A
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dde98e8b1a22237ac6efe77dd05cde90b0bbfccda05ce55a7985739d77010053
                                      • Instruction ID: 209b7fdab4825f557cc99de6c20f9458eae89284242bdf7d4a840fd79b78fdf2
                                      • Opcode Fuzzy Hash: dde98e8b1a22237ac6efe77dd05cde90b0bbfccda05ce55a7985739d77010053
                                      • Instruction Fuzzy Hash: 1590026121140442D10471588414706004547E1202F55C023A2158515CC56A8D656229
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4e8542e3f69a931ea71e0a1fb61ab8b35335767ce19e5cb468ef2f4396c11349
                                      • Instruction ID: c0395baa43a6931f0d070c42222f8491d798700118548763c28641889cda9e61
                                      • Opcode Fuzzy Hash: 4e8542e3f69a931ea71e0a1fb61ab8b35335767ce19e5cb468ef2f4396c11349
                                      • Instruction Fuzzy Hash: 6690027120140802D14071588414746000547D0302F55C022A5068515E869A8ED97769
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c33c7e55d16f6576b02cd1255cf4f4c534873ef385ff1499d52cbca7ce6bb3b2
                                      • Instruction ID: b7172985c5798368cfc9e40d7cc67df41e2bf68e3ee2a2f33bb275742b4a2dd9
                                      • Opcode Fuzzy Hash: c33c7e55d16f6576b02cd1255cf4f4c534873ef385ff1499d52cbca7ce6bb3b2
                                      • Instruction Fuzzy Hash: 5A90022160140902D10171588414616000A47D0242F95C033A1028516ECA668A96B235
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b89a4c8129d37879d6f48b72aeff6a19458d118fc51d816e238246ed0b110048
                                      • Instruction ID: 500603094a4034f1a68e236d2eb7537eff47268a347065159d79835249d3e3c8
                                      • Opcode Fuzzy Hash: b89a4c8129d37879d6f48b72aeff6a19458d118fc51d816e238246ed0b110048
                                      • Instruction Fuzzy Hash: 6590026120180803D14075588814607000547D0303F55C022A2068516E8A6A8D557239
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 84d9918c96bc8ba8a3eece2d5d028325cd72eba39c4e74e83ac9d5c16533155e
                                      • Instruction ID: c40ba29b51db7930573cd45b11cd9819c07a3fe598b3ed921dc726084d1a9ef8
                                      • Opcode Fuzzy Hash: 84d9918c96bc8ba8a3eece2d5d028325cd72eba39c4e74e83ac9d5c16533155e
                                      • Instruction Fuzzy Hash: 3590022130140802D10271588424606000987D1346F95C023E1428516D86668A57B236
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b153f04a3f708363cdc715636da46e19c9afefd7a151b61ac0abf25a6c9b0853
                                      • Instruction ID: ecdf73472d62d1a9ed5c3a06ffd558174c8b19d30df82aac9739d35d4a4fa6b4
                                      • Opcode Fuzzy Hash: b153f04a3f708363cdc715636da46e19c9afefd7a151b61ac0abf25a6c9b0853
                                      • Instruction Fuzzy Hash: FE90023124140802D14171588414606000957D0242F95C023A0428515E86968B5ABB65
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f53931e288e13cbcdb336422fb1929365b15263db60a65ad80c1901c372b43aa
                                      • Instruction ID: ffcefc524be81107f5bb81e977bb988804c59be39add647ee9092882bc561be7
                                      • Opcode Fuzzy Hash: f53931e288e13cbcdb336422fb1929365b15263db60a65ad80c1901c372b43aa
                                      • Instruction Fuzzy Hash: DE900221242445525545B1588414507400657E0242795C023A1418911C8567995AE725
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 06fdf0a23469eb928df9ea11366d5957239cef245eb6c8383f83d118449bfe63
                                      • Instruction ID: 63bb1e6eb51119e57a50e51240268e1b661412fee218c01e61c93e65a1536645
                                      • Opcode Fuzzy Hash: 06fdf0a23469eb928df9ea11366d5957239cef245eb6c8383f83d118449bfe63
                                      • Instruction Fuzzy Hash: CD90022130140403D14071589428606400597E1302F55D022E0418515CD956895A6326
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b6f299ab9701812e90968eba01dacd3595e346ee09b49bd2d4a2347642fb92e8
                                      • Instruction ID: 405677ce6338be7093dbe475cb051da7f5bb2200bcb25cf7d03ef0b3e59ecc4a
                                      • Opcode Fuzzy Hash: b6f299ab9701812e90968eba01dacd3595e346ee09b49bd2d4a2347642fb92e8
                                      • Instruction Fuzzy Hash: AB90022921340402D1807158941860A000547D1203F95D426A0019519CC956896D6325
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7a8b4b51ca7e0151ade42fad0fa1e25d7b94d985fddc7aa844df82bee4e0dd23
                                      • Instruction ID: 51e798d4760152d38a00738c4e25d0b2be09b453bcab909e1af7d93317b9b8a4
                                      • Opcode Fuzzy Hash: 7a8b4b51ca7e0151ade42fad0fa1e25d7b94d985fddc7aa844df82bee4e0dd23
                                      • Instruction Fuzzy Hash: 0490022120544842D10075589418A06000547D0206F55D022A1068556DC6768955B235
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f3dcc474c5facb06de0372ad1b7a171072650f80cd165d3dfd39fdb5d11d86d3
                                      • Instruction ID: 14b3d0b7c771bdd3078ae408ec3b2985be98c202a6a26376d70bf0587385f21f
                                      • Opcode Fuzzy Hash: f3dcc474c5facb06de0372ad1b7a171072650f80cd165d3dfd39fdb5d11d86d3
                                      • Instruction Fuzzy Hash: F490023120140802D10075989418646000547E0302F55D022A5028516EC6A689957235
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 136e4281ac894ab2c5b5f8239008575716665645000a7f0be4c8adec17a8ef34
                                      • Instruction ID: 35a791f3aaf7bfda047204b98890814015fcb0cb4e15acd37bacfdc3f16834b7
                                      • Opcode Fuzzy Hash: 136e4281ac894ab2c5b5f8239008575716665645000a7f0be4c8adec17a8ef34
                                      • Instruction Fuzzy Hash: E090023120140803D10071589518707000547D0202F55D422A0428519DD69789557225
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8f500be604238094f480e2573535e2a517b8a7109b3dc9cdf03510aef883cbd0
                                      • Instruction ID: f8b7bdc03333ebb0e30e653bbf968b19eae321741fff05b76fd884134ee60df6
                                      • Opcode Fuzzy Hash: 8f500be604238094f480e2573535e2a517b8a7109b3dc9cdf03510aef883cbd0
                                      • Instruction Fuzzy Hash: EE90022160540802D14071589428706001547D0202F55D022A0028515DC69A8B5977A5
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5af75c04a7723fc9892e2b679d084ec239d68d1c5398b0e0b5592eb6e9a20e91
                                      • Instruction ID: 005862d6c33ef75a88f823909f9f3a749bc11b2fc226ee15bf852674a8fde8cb
                                      • Opcode Fuzzy Hash: 5af75c04a7723fc9892e2b679d084ec239d68d1c5398b0e0b5592eb6e9a20e91
                                      • Instruction Fuzzy Hash: 4990023120148C02D1107158C41474A000547D0302F59C422A4428619D86D689957225
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 51710e543fe5a002df37e6cdec719dbb0af78d6bdd9fed34a6ffce2e408821fb
                                      • Instruction ID: 60aa887e8f6b03d6f4762de1b9ad89cf2df0c82c7472e5415a27a775d841a952
                                      • Opcode Fuzzy Hash: 51710e543fe5a002df37e6cdec719dbb0af78d6bdd9fed34a6ffce2e408821fb
                                      • Instruction Fuzzy Hash: D590023120140C42D10071588414B46000547E0302F55C027A0128615D8656C9557625
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                      • Instruction ID: 49733c9ab13695aa35c04764c4033ef5df4764fe7bf8197cd316e6d65e2324ad
                                      • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                      • Instruction Fuzzy Hash:

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: ___swprintf_l
                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                      • API String ID: 48624451-2108815105
                                      • Opcode ID: 985577a8d9997d6469826c9e479977cd37678c39320ca213318085af5d78804e
                                      • Instruction ID: e8f9265c1158a1f1e1b318e1a32f630bd80bcf2f3771b6782aab806ffb8b893b
                                      • Opcode Fuzzy Hash: 985577a8d9997d6469826c9e479977cd37678c39320ca213318085af5d78804e
                                      • Instruction Fuzzy Hash: A251F9B6A00266BFDB10DF98C89097EF7B8FF09250B54827AE4E4D7641D734DE408BA0

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: ___swprintf_l
                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                      • API String ID: 48624451-2108815105
                                      • Opcode ID: d2a2b17808c0bd73cb3a3cc75c5323ac46b5afc0cea5237423f8f4d6e88d1a12
                                      • Instruction ID: b158a7f97e1dcba3896c9510cea1fa4b98795f26868dcfb9c5faa3908357076e
                                      • Opcode Fuzzy Hash: d2a2b17808c0bd73cb3a3cc75c5323ac46b5afc0cea5237423f8f4d6e88d1a12
                                      • Instruction Fuzzy Hash: DB5127B5A08B55AEDB20CF5CC89097FB7FDEB44240B44847AE5D5CB681EB74DA108B60

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: HEAP:
                                      • API String ID: 3446177414-2466845122
                                      • Opcode ID: 8e8b7a35ae2700441e52a01b2973fb137bd3217f23d38a68b7500b82e5726096
                                      • Instruction ID: 10ee468f2e1f791e0e37ed895a69ee308c78fc8fdce39378982d90703d9c06b5
                                      • Opcode Fuzzy Hash: 8e8b7a35ae2700441e52a01b2973fb137bd3217f23d38a68b7500b82e5726096
                                      • Instruction Fuzzy Hash: C3A187B5A14351CFD724CE28C890A1ABBE9FB88750F09457DE985DB320EB74EC46CB91

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      Strings
                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 33B64725
                                      • Execute=1, xrefs: 33B64713
                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 33B64655
                                      • ExecuteOptions, xrefs: 33B646A0
                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 33B646FC
                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 33B64787
                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 33B64742
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                      • API String ID: 0-484625025
                                      • Opcode ID: 435c797f71a3c8baa9e10b64014f0093c162e42f5cab7bd012542891afc0f2f0
                                      • Instruction ID: 7af912be1ac9436bb9581ca88dbba876515ea1dd9693c637d5ea1c767fe716b6
                                      • Opcode Fuzzy Hash: 435c797f71a3c8baa9e10b64014f0093c162e42f5cab7bd012542891afc0f2f0
                                      • Instruction Fuzzy Hash: FE514975A003296FEB11DAA8DC9AFA93BB8EF04304F4402F9F508E7192DB709A458F54
                                      Strings
                                      • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 33B579D5
                                      • SsHd, xrefs: 33B0A3E4
                                      • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 33B579FA
                                      • Actx , xrefs: 33B57A0C, 33B57A73
                                      • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 33B57AE6
                                      • RtlpFindActivationContextSection_CheckParameters, xrefs: 33B579D0, 33B579F5
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                      • API String ID: 0-1988757188
                                      • Opcode ID: 72994130e111d7ba30a5974baf732022edda9a6f7496110a519f1fa233ff4443
                                      • Instruction ID: 64f5b1447b6f2410899d7d35874ca93dc653cbedb1f62e676ffa965f9ddc4a3c
                                      • Opcode Fuzzy Hash: 72994130e111d7ba30a5974baf732022edda9a6f7496110a519f1fa233ff4443
                                      • Instruction Fuzzy Hash: B9E1BE74604352CFE714CE24C894B1ABBE5FB88394F584A3DF8A5CB290DB31E9498F91
                                      APIs
                                      Strings
                                      • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 33B59565
                                      • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 33B59346
                                      • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 33B5936B
                                      • Actx , xrefs: 33B59508
                                      • RtlpFindActivationContextSection_CheckParameters, xrefs: 33B59341, 33B59366
                                      • GsHd, xrefs: 33B0D874
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                      • API String ID: 3446177414-2196497285
                                      • Opcode ID: 0380d1716c0daae5dbabcb59f65bfdb28f6563d5a617d318a2ef3bd8e8f9fdb4
                                      • Instruction ID: 67312ebcca0d23fdf9b15979e641bdae3cb0748259dd5535c79bcab552f880d6
                                      • Opcode Fuzzy Hash: 0380d1716c0daae5dbabcb59f65bfdb28f6563d5a617d318a2ef3bd8e8f9fdb4
                                      • Instruction Fuzzy Hash: 64E18C746043528FE710CF68C880B5ABBE5FB88398F484A3DF9959B291D771D944CF92
                                      APIs
                                      • RtlDebugPrintTimes.NTDLL ref: 33AE656C
                                        • Part of subcall function 33AE65B5: RtlDebugPrintTimes.NTDLL ref: 33AE6664
                                        • Part of subcall function 33AE65B5: RtlDebugPrintTimes.NTDLL ref: 33AE66AF
                                      Strings
                                      • minkernel\ntdll\ldrinit.c, xrefs: 33B49A11, 33B49A3A
                                      • LdrpInitShimEngine, xrefs: 33B499F4, 33B49A07, 33B49A30
                                      • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 33B49A2A
                                      • apphelp.dll, xrefs: 33AE6496
                                      • Getting the shim engine exports failed with status 0x%08lx, xrefs: 33B49A01
                                      • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 33B499ED
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                      • API String ID: 3446177414-204845295
                                      • Opcode ID: b72c1641aadae16601f6ea5695cc625c9bb8d37f3b9aa9c9fe9021b00e5880e2
                                      • Instruction ID: 3fd7a702e4d837f0f39472b99597277fabcf3bc19caafc26af0b96a667395700
                                      • Opcode Fuzzy Hash: b72c1641aadae16601f6ea5695cc625c9bb8d37f3b9aa9c9fe9021b00e5880e2
                                      • Instruction Fuzzy Hash: D751F1716183049FE320DF28DD40F9B77E8FB84744F44092AF899AB6A1DB30D904DBA6
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                      • API String ID: 3446177414-4227709934
                                      • Opcode ID: f147a7b3c5e794b8a211ffbd392df0d94fb09e90dc0e6787e3686cc67c1077b7
                                      • Instruction ID: 35745bfdabbfa7e6d4259b6e27d8891cfa6937b65e22a881d59daa1176494f1b
                                      • Opcode Fuzzy Hash: f147a7b3c5e794b8a211ffbd392df0d94fb09e90dc0e6787e3686cc67c1077b7
                                      • Instruction Fuzzy Hash: 65418AB9E0121DABDB01DF99D980ADEBBB5FF48308F140269ED14A7342C775AD11DBA0
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                      • API String ID: 3446177414-3492000579
                                      • Opcode ID: f4632ce814d3e1772a960365da7839b45cc69c3dea533977d0d974e10ad56cf1
                                      • Instruction ID: c4618e07a5ab873610f2aac866650dc9d4f03a845e29d9241b3ca27fe9151ad5
                                      • Opcode Fuzzy Hash: f4632ce814d3e1772a960365da7839b45cc69c3dea533977d0d974e10ad56cf1
                                      • Instruction Fuzzy Hash: 9F71F0349067599FDB01CF68D540AEDFBF1FF4A310F08817AE845ABA52CB359981CB50
                                      APIs
                                      Strings
                                      • minkernel\ntdll\ldrinit.c, xrefs: 33B49AC5, 33B49B06
                                      • LdrpLoadShimEngine, xrefs: 33B49ABB, 33B49AFC
                                      • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 33B49AF6
                                      • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 33B49AB4
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                      • API String ID: 3446177414-3589223738
                                      • Opcode ID: 125f7e805134a53d6046f6b1f0df91210b40f6ff9c823ab6c76da626f594393b
                                      • Instruction ID: 800454ececd7307b3cbad952a5a8f72f6de9e9dce654b2515f1ae3b8afe80c79
                                      • Opcode Fuzzy Hash: 125f7e805134a53d6046f6b1f0df91210b40f6ff9c823ab6c76da626f594393b
                                      • Instruction Fuzzy Hash: F4511375A203589FDB04EBACCD54F9D77F6BB44304F08056AE891BB6A2CB689C41DB90
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: __aulldvrm
                                      • String ID: +$-$0$0
                                      • API String ID: 1302938615-699404926
                                      • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                      • Instruction ID: d71239ff6ddc21b65a5b3776bced2931a324f19fddb0b05a81e51e9ec74c4a37
                                      • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                      • Instruction Fuzzy Hash: E481A278E473799EEF04CE68C851BEEBBA5EF46370F58413AD860A7399C73498408750
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: $$@
                                      • API String ID: 3446177414-1194432280
                                      • Opcode ID: 66c4572a78478e5d55197edd34d93b829ab805f51f57c207ade38cea03f7ba44
                                      • Instruction ID: 850da611c4b7a7ae8ec0f7b07c0163b687b3671c08384377bf771b8acff5d0f3
                                      • Opcode Fuzzy Hash: 66c4572a78478e5d55197edd34d93b829ab805f51f57c207ade38cea03f7ba44
                                      • Instruction Fuzzy Hash: 8E8149B5D012699BEB21CF54CC44BDEB7B8AB08750F0041EAE95DB7680E7309E85CFA4
                                      APIs
                                      Strings
                                      • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 33B6362F
                                      • Querying the active activation context failed with status 0x%08lx, xrefs: 33B6365C
                                      • LdrpFindDllActivationContext, xrefs: 33B63636, 33B63662
                                      • minkernel\ntdll\ldrsnap.c, xrefs: 33B63640, 33B6366C
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                      • API String ID: 3446177414-3779518884
                                      • Opcode ID: 12d44e9d24a4fe82495d9e6dbe008a3d9f48a391da3da495b6bb5c6147d0621d
                                      • Instruction ID: b565f804efe3a6d477b85fd12674c67c032e5ddb096aeda4dcdb4e4848398095
                                      • Opcode Fuzzy Hash: 12d44e9d24a4fe82495d9e6dbe008a3d9f48a391da3da495b6bb5c6147d0621d
                                      • Instruction Fuzzy Hash: 90312C7A910321AEEB11AF08CC44B567AB8FB017D4F4B4376E85CE7E61DBA49CC08795
                                      Strings
                                      • LdrpDynamicShimModule, xrefs: 33B5A998
                                      • minkernel\ntdll\ldrinit.c, xrefs: 33B5A9A2
                                      • apphelp.dll, xrefs: 33B12462
                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 33B5A992
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                      • API String ID: 0-176724104
                                      • Opcode ID: 722557781794e48626980b8839da19b871b164af5bb3a129e6dd910dbf5735fa
                                      • Instruction ID: 3ae460f20b8678d2c4be13dea17e8a701d7d4f5109fc520008390f36966381f3
                                      • Opcode Fuzzy Hash: 722557781794e48626980b8839da19b871b164af5bb3a129e6dd910dbf5735fa
                                      • Instruction Fuzzy Hash: 7E314875A10311EBF711AF5CDA80E9A77F8FB84750F19007AF950BB650C7789942DB90
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: ___swprintf_l
                                      • String ID: %%%u$[$]:%u
                                      • API String ID: 48624451-2819853543
                                      • Opcode ID: 6365cb4b7ec62cc6b6cf493a46ce732556981dc967fc7a947c167fb390f5c685
                                      • Instruction ID: 4a1c6cc5a8f16fd9a188bda28eb542fd493313fe2502d3552ef5b32ae1f7b5c0
                                      • Opcode Fuzzy Hash: 6365cb4b7ec62cc6b6cf493a46ce732556981dc967fc7a947c167fb390f5c685
                                      • Instruction Fuzzy Hash: B32151B6E00629ABDB10DE7DCC40EAEB7F8EF54690F440136E955E7240E734DA119BA1
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                      • API String ID: 3446177414-3610490719
                                      • Opcode ID: e29fdc91c6f34780ddeede8d9238a43c5904434cd8476894a02282fea799340b
                                      • Instruction ID: 66212d0070e1bde9543c27f1a7c8a4c774452385b89c45d1caaffce7f60bc89f
                                      • Opcode Fuzzy Hash: e29fdc91c6f34780ddeede8d9238a43c5904434cd8476894a02282fea799340b
                                      • Instruction Fuzzy Hash: 28912675B04751DFE715DB24C984F2AB7E9FF40A80F05066AEC849B790DB34E841CBA6
                                      APIs
                                      Strings
                                      • Failed to allocated memory for shimmed module list, xrefs: 33B5A10F
                                      • minkernel\ntdll\ldrinit.c, xrefs: 33B5A121
                                      • LdrpCheckModule, xrefs: 33B5A117
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                      • API String ID: 3446177414-161242083
                                      • Opcode ID: 2c0ce9e29348445b166f716c50b8691944d2f00a2f94a315b50057a00bef8705
                                      • Instruction ID: dfd06c1ac1025d9dca6d0d9d291d7a7392d7ad4daa84c7c98db24f0a63a852fe
                                      • Opcode Fuzzy Hash: 2c0ce9e29348445b166f716c50b8691944d2f00a2f94a315b50057a00bef8705
                                      • Instruction Fuzzy Hash: 0D71BF75E00319DFEB05DF69CA80AAEB7F5EB48304F18407AE855E7A50E738A942CF50
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                      • API String ID: 3446177414-2283098728
                                      • Opcode ID: 1215e36043ba8640b1219175e8879c1f6681596158cefcb37f2a57861a9b3e52
                                      • Instruction ID: 1a2e43a9604aa692e9dfec8c0970c3a22e7132ca3924596397a38b468f808351
                                      • Opcode Fuzzy Hash: 1215e36043ba8640b1219175e8879c1f6681596158cefcb37f2a57861a9b3e52
                                      • Instruction Fuzzy Hash: EA510471E043919FE314DF28C884F1977E5FB84394F08067DE8969B691DBB0A865CBD1
                                      APIs
                                      Strings
                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 33B682DE
                                      • minkernel\ntdll\ldrinit.c, xrefs: 33B682E8
                                      • Failed to reallocate the system dirs string !, xrefs: 33B682D7
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                      • API String ID: 3446177414-1783798831
                                      • Opcode ID: 31441939636749c84f5201e10dc149ad7d9c32b8c84c0222fd8c019ea5f85c5a
                                      • Instruction ID: 18adb28fc509233ec6eb67be1fef11c88f66213095bf0c9931a5df5c358532c4
                                      • Opcode Fuzzy Hash: 31441939636749c84f5201e10dc149ad7d9c32b8c84c0222fd8c019ea5f85c5a
                                      • Instruction Fuzzy Hash: 9141F2B5925310AFD710EB28D940F4B7BF8EF48750F044A3AB988E3660EB79D8018B91
                                      Strings
                                      • RTL: Resource at %p, xrefs: 33B67B8E
                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 33B67B7F
                                      • RTL: Re-Waiting, xrefs: 33B67BAC
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                      • API String ID: 0-871070163
                                      • Opcode ID: 25c2a33bb25612b9d13479db69ac425128b48202cfe47ce469e68a52c32cbb4d
                                      • Instruction ID: 77eea9d3ac1d3df7b1ccc521b04df63afe0ff0a8dac4c38c10986e4d62452784
                                      • Opcode Fuzzy Hash: 25c2a33bb25612b9d13479db69ac425128b48202cfe47ce469e68a52c32cbb4d
                                      • Instruction Fuzzy Hash: 3A41EF35B017069FD714CE29C850F5ABBE5EF88720F140A3DF8A9DB681DB31E8058B91
                                      APIs
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 33B6728C
                                      Strings
                                      • RTL: Resource at %p, xrefs: 33B672A3
                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 33B67294
                                      • RTL: Re-Waiting, xrefs: 33B672C1
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                      • API String ID: 885266447-605551621
                                      • Opcode ID: a0a1ba5832610d4c7b7dd18318815a82a77e178ef7df52c985ec5cd8e8bf4e5b
                                      • Instruction ID: afed477f850644effca2e3f75f3827740ba0c7ecf369b9b21689c0bda3ef1341
                                      • Opcode Fuzzy Hash: a0a1ba5832610d4c7b7dd18318815a82a77e178ef7df52c985ec5cd8e8bf4e5b
                                      • Instruction Fuzzy Hash: 0041F035A01316AFE710CE25CC81F56B7A5FF85714F140639FCA9EB641DB21E8468BD1
                                      APIs
                                      Strings
                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 33B74888
                                      • LdrpCheckRedirection, xrefs: 33B7488F
                                      • minkernel\ntdll\ldrredirect.c, xrefs: 33B74899
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                      • API String ID: 3446177414-3154609507
                                      • Opcode ID: e9e8482f34fa6a2ae63f90fa8ab6d8cf200af6216bbbf01fd3a1c087cef45e4d
                                      • Instruction ID: 71e0cb404828da635e17d410484876bc654ecf85b375f79e2e02b8639ccc09d0
                                      • Opcode Fuzzy Hash: e9e8482f34fa6a2ae63f90fa8ab6d8cf200af6216bbbf01fd3a1c087cef45e4d
                                      • Instruction Fuzzy Hash: BC41DE76A053648FDB11CE68D940E567BE8FF89692F090679ECE8E7311D730D880CB91
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: ___swprintf_l
                                      • String ID: %%%u$]:%u
                                      • API String ID: 48624451-3050659472
                                      • Opcode ID: 4103b4d1a25934750010a893158bda490b58f4ed296e047801993d01eeae1fc8
                                      • Instruction ID: 2e1199818fd071c3bfc676cc3169bf2956a57ed5909694c109388cdf916e00af
                                      • Opcode Fuzzy Hash: 4103b4d1a25934750010a893158bda490b58f4ed296e047801993d01eeae1fc8
                                      • Instruction Fuzzy Hash: 5A3166769006299FDB10CE2DDC50BEE77F8EF45650F844566E889E7240EB309A558FA0
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: Wow64 Emulation Layer
                                      • API String ID: 3446177414-921169906
                                      • Opcode ID: 873d5256d2f636c0b9c48846fce7d516d291c2bacd335901c77d1ba5d191c4b3
                                      • Instruction ID: c83abc4cf77cb908d38ef86f94b57d2cee0feac8fee67e14cf7f41b9be01d1c4
                                      • Opcode Fuzzy Hash: 873d5256d2f636c0b9c48846fce7d516d291c2bacd335901c77d1ba5d191c4b3
                                      • Instruction Fuzzy Hash: 082106B6A0025DBFAF019AA4CD84CAF7B7DEF442D8F040065FA25A6140EB34DE069B61
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d2b91e82dc93004aac712f1bf97cb9849e9d51a3dfe12987bc8798f896368c61
                                      • Instruction ID: ceee6735301e4a796fe8bbc3cb9df98eea78434902a821035c5325df3d6f8f0a
                                      • Opcode Fuzzy Hash: d2b91e82dc93004aac712f1bf97cb9849e9d51a3dfe12987bc8798f896368c61
                                      • Instruction Fuzzy Hash: CBE1EE74E00718DFEB21CFA9C980A8DBBF5FF48354F24462AE886A7661D734A855CF50
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID:
                                      • API String ID: 3446177414-0
                                      • Opcode ID: c9245bb5902dc597e5debf8661abdaa41c4f89266218c6a7ffb0fd6eaee04498
                                      • Instruction ID: 08b2f3cf72e9e68dadfb6b950ee30949af307c92fba09d81e83b11735010ca7e
                                      • Opcode Fuzzy Hash: c9245bb5902dc597e5debf8661abdaa41c4f89266218c6a7ffb0fd6eaee04498
                                      • Instruction Fuzzy Hash: 3D711675E002199FEF01CFA8D980ADDBBB5FF48398F14412AE905FB256D734A905CBA4
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID:
                                      • API String ID: 3446177414-0
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID:
                                      • API String ID: 3446177414-0
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes$BaseInitThreadThunk
                                      • String ID:
                                      • API String ID: 4281723722-0
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: @
                                      • API String ID: 0-2766056989
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: __aulldvrm
                                      • String ID: +$-
                                      • API String ID: 1302938615-2137968064
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 0$Flst
                                      • API String ID: 0-758220159
                                      APIs
                                      Strings
                                      • kLsE, xrefs: 33AF0540
                                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 33AF063D
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                      • API String ID: 3446177414-2547482624
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.4182804414.0000000033AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 33AC0000, based on PE: true
                                      • Associated: 00000005.00000002.4182804414.0000000033BE9000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033BED000.00000040.00001000.00020000.00000000.sdmp
                                      • Associated: 00000005.00000002.4182804414.0000000033C5E000.00000040.00001000.00020000.00000000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_33ac0000_rTransferenciarealizada451236.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: 0$0
                                      • API String ID: 3446177414-203156872